If you discover a security vulnerability in any repository of the Inter-American Development Bank (IDB), please report it responsibly.
Please DO NOT open a public GitHub issue for security vulnerabilities.
Instead, send an email to: code@iadb.org
Include:
- Description of the vulnerability
- Steps to reproduce
- Repository affected
- Impact assessment (if possible)
- Acknowledgment: Within 3 business days
- Initial assessment: Within 10 business days
- Resolution: Depends on severity, typically within 30 days for critical issues
Only the latest version of each tool is actively supported. Archived repositories do not receive security updates.
This policy applies to all public and private repositories under the EL-BID GitHub organization.