Skip to content

Security: fivetran/great_expectations

SECURITY.md

Security Policy

Reporting a Vulnerability

If you believe you've found a security vulnerability in Great Expectations, please report it privately using GitHub's private vulnerability reporting feature rather than opening a public issue or discussion:

Report a vulnerability (Security tab → "Report a vulnerability")

This creates a private draft security advisory that is visible only to maintainers, so the details aren't exposed publicly while a fix is developed.

Please include as much of the following as you can:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce, or a proof-of-concept
  • The affected version(s) of Great Expectations
  • Any known mitigations

What to Expect

A maintainer will acknowledge your report and work with you through the advisory to confirm the issue, assess severity, and develop a fix. Once a fix is ready, we'll coordinate on disclosure timing and credit before the advisory is made public.

Please Don't Use Public Issues for Security Reports

Public GitHub issues and discussions are visible to everyone, including potential attackers. Please don't use them to report security vulnerabilities — use the private reporting path above instead.

There aren't any published security advisories