The Dart team takes the security of pub.dev seriously. This page describes how to report any vulnerabilities you may find.
Reporting vulnerabilities #
In the rare event that you find a vulnerability in pub.dev, contact us at https://goo.gl/vulnz.
For more information about how Google handles security issues, see Google’s security philosophy.
Security advisories for packages #
In case of a vulnerability regarding a specific package, use GitHub’s security advisory feature to create a new security advisory. GitHub will review and ingest the advisory into the central GitHub Advisory database where you can also go search for vulnerabilities in the Pub ecosystem.
For more information about pub and security advisories checkout out the docs.