The Dart team takes the security of pub.dev seriously.
This page describes how to report any vulnerabilities you may find.
In the rare event that you find a vulnerability in pub.dev, contact us at
https://goo.gl/vulnz
.
For more information about how Google handles security issues, see
Google’s security philosophy
.
In case of a vulnerability regarding a specific package, use GitHub’s
security
advisory
feature to create a new security advisory. GitHub will review and ingest the
advisory into the central
GitHub Advisory
database
where you can also go search for
vulnerabilities in the Pub ecosystem.
For more information about pub and security advisories checkout out the
docs
.