Labels

Makes bots supporting this label ignore this issue.

Critical vulnerability with immediate risk to users or infrastructure. Likely to be actively exploitable, with widespread or severe impact such as remote code execution, authentication bypass, or full data exfiltration. Requires immediate response and coordination.

Serious security vulnerability that could lead to user harm, data exposure, or significant system compromise. Often remotely exploitable, affects default configurations or untrusted inputs, and has a clear or demonstrated impact. Requires prioritization and typically must be addressed before major releases or external disclosures.

Minor security concern with limited impact or exploitability. Might involve poor security hygiene, minor information leakage, or issues only exploitable in highly constrained, non-default, or theoretical scenarios. Does not require immediate attention but should be tracked and addressed as part of ongoing hardening or cleanup.

Moderate security risk with potential for user impact or system compromise in specific conditions. Exploitable under certain configurations, by authenticated users, or with user interaction. May require coordination to fix but is not actively being exploited or affecting critical paths. Should be addressed in the near term.