Security concerns that impact repos under the graphql GitHub org (including reference implementations and official tools) may be responsibly disclosed to the TSC via any current TSC member, with the expectation that they will be discussed and triaged by the TSC as a whole. You may reach a subset of current TSC members via security@graphql.org.

Our goal is to provide complete, accurate, and actionable disclosures once a reported issue has been sufficiently understood and there has been a reasonable opportunity to deploy fixes responsibly. See the TSC security policy.

Please note that TSC members are voluntary, geographically distributed, and tend to have a lot of demands on their time - please be patient with us.