Security is important.
Please follow these guides to report a vulnerability privately:
We use securityscorecards.dev to automatically run the following open source security checks during development: https://github.com/ossf/scorecard/tree/main#checks-1.
A perfect score is 10/10; it’s calculated like this:
Source: https://securityscorecards.dev/#how-it-works
Reports for Material UI are published at https://github.com/mui/material-ui/security/code-scanning (private). The public details of the score are at https://securityscorecards.dev/viewer/?uri=github.com%2Fmui%2Fmaterial-ui.
Reports for Base UI are published at https://github.com/mui/base-ui/security/code-scanning (private). The public details of the score are at https://securityscorecards.dev/viewer/?uri=github.com%2Fmui%2Fbase-ui.
Reports for MUI X are published at https://github.com/mui/mui-x/security/code-scanning (private). The public details of the score are at https://securityscorecards.dev/viewer/?uri=github.com%2Fmui%2Fmui-x.
Reports for Toolpad are published at https://github.com/mui/mui-toolpad/security/code-scanning (private). The public details of the score are at https://securityscorecards.dev/viewer/?uri=github.com/mui/mui-toolpad.
Reports for Pigment CSS are published at https://github.com/mui/pigment-css/security/code-scanning (private). The public details of the score are at https://securityscorecards.dev/viewer/?uri=github.com/mui/pigment-css.