The U.S. Food and Drug Administration (FDA) takes security vulnerabilities seriously. If you believe you have found a security vulnerability in this repository, please report it to us through coordinated disclosure.
Please do NOT report security vulnerabilities through public GitHub issues, discussions, or pull requests.
FDA follows the HHS Vulnerability Disclosure Policy. Submit your report through the official HHS reporting portal:
- HHS Vulnerability Disclosure Policy: [https://www.hhs.gov/vulnerability-disclosure-policy/index.html]
- Submit a Report: [https://hhs.responsibledisclosure.com]
For general security questions or concerns about FDA systems, contact:
- Repository Maintainer: [open@fda.hhs.gov]
When contributing to this repository:
- Follow the principle of least privilege
- Validate and sanitize all inputs
- Use parameterized queries for database access
- Keep dependencies up to date
- Never commit secrets, API keys, or credentials
- Review security advisories for dependencies
Disclaimer: This repository contains code developed for research, regulatory science, or public health purposes. The code is provided "as-is" without warranty. Use in production systems should follow your organization's security assessment processes.
Last Updated: [6/5/26]