Security fixes are applied to the latest commit on the default branch only.
Do not open a public GitHub issue for security vulnerabilities.
Contact: info@lab10yr.com
Subject line: `[SECURITY] <brief description>`
We acknowledge receipt within 48 hours and provide a resolution timeline within 7 business days.
Please include:
- Affected repository and file(s)
- Steps to reproduce
- Potential impact
- Suggested mitigation, if known
| Repository | In-scope vulnerability classes |
|---|---|
| NRCS-Soil-Data-Access | XSS in SQL explorer, SSRF via SDA proxy, data injection |
| Soil-Data-Access-Training-Resources | XSS in Query Lab, unsafe eval() usage |
Out of scope:
- Third-party services (USDA SDA API, GitHub Pages, Cloudflare)
- Denial of service attacks
- Social engineering
Once a fix is deployed we publish a brief advisory in the affected repository's Security tab.