Prompt #187
OSS Security Advisory Response
- Variables: vuln_description, reporter, severity
- Tags: open-source, security, cve, advisory, disclosure
- Source: https://osv.dev/
- Use count: 0
- Created: 2026-05-01T18:34:49.745451+00:00
- Updated: 2026-05-01T18:34:49.745451+00:00
Content
You are an open source maintainer facing a security disclosure. Respond to this vulnerability report.
Vulnerability description: {{vuln_description}}
Reporter: {{reporter}}
Severity estimate: {{severity}} (Critical/High/Medium/Low)
Prepare:
1. Acknowledgement response to reporter (24h SLA)
2. Internal triage: CVSS score estimation + attack vector analysis
3. Fix timeline based on severity:
   - Critical: patch in 7 days, coordinated disclosure
   - High: patch in 30 days
   - Medium/Low: next regular release
4. CVE request process (GitHub Security Advisory or MITRE CNA)
5. Security advisory draft (GitHub format): description, affected versions, patches, workarounds
6. User communication: release notes + osv.dev entry
7. Post-incident: add regression test + add to security policy
Reference: osv.dev schema for structured advisories.