This repository hosts a public static academic homepage. Security reports are welcome when they affect the public site, the repository contents, or visitor safety.
In scope:
- Accidental exposure of secrets, private drafts, personal data, or local machine paths.
- Broken or misleading external links that could send visitors to unsafe destinations.
- Third-party resource issues that affect page integrity, privacy, or visitor safety.
- Unsafe downloadable content or unexpected executable content.
- Repository configuration issues that could affect GitHub Pages publication.
Out of scope:
- General content corrections that are not security-sensitive.
- Automated reports without a reproducible impact.
- Attacks requiring control of a visitor's browser, device, network, or GitHub account.
- Denial-of-service reports against GitHub Pages infrastructure.
Please report security-sensitive issues privately by email:
Include:
- A short description of the issue.
- The affected page, file, or link.
- Steps to reproduce.
- The potential impact.
- Any suggested fix, if available.
Please do not open public issues or pull requests that reveal secrets, private data, or exploit details before the issue has been reviewed.
Reports will be reviewed as soon as practical. Valid issues will be fixed in the repository and deployed through the normal GitHub Pages workflow. Credit can be added in release notes or project documentation when requested and appropriate.