Add some minimal guideline about GHSA (#347)

Fixes #345.
2025-12-26 16:07:48 +01:00 · 2020-08-01 20:43:50 +02:00
parent a7b90acdc2
commit ee840d4a4d
1 changed files with 3 additions and 0 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -19,6 +19,9 @@ Feel free to do either or both of these as you see fit (we recommend you do both

 4. [Yank] the affected versions of the crate.
 5. Request a CVE for your vulnerability: https://iwantacve.org/
+   Alternatively, you can create a GitHub Security Advisory (GHSA) and let them request
+   a CVE for you. In this case, you can add the GHSA ID to the RustSec advisory via the
+   `aliases` field.

 ## Criteria