Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability in a Deepgram starter, please report it responsibly through one of these methods:
- Navigate to the repository's Security tab
- Click "Report a vulnerability"
- Fill out the security advisory form with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes
Send details to: security@deepgram.com
Include:
- Description of the vulnerability
- Affected starter repository
- Steps to reproduce
- Potential impact
- Your contact information (optional, for follow-up)
- Acknowledgment: We'll respond within 48 hours
- Updates: We'll keep you informed throughout the process
- Resolution: We aim to address critical vulnerabilities within 30 days
- Credit: You'll be credited in the security advisory (unless you prefer anonymity)
This policy applies to security issues in:
- Deepgram starter application code
- Frontend repositories
- Build and deployment configurations
- Documentation that could lead to security issues
For issues with the Deepgram API itself, please visit deepgram.com/security
Thank you for helping keep Deepgram starters secure!