Security is important.
Please follow these guides to report a vulnerability privately:
This automation runs the following checks: https://github.com/ossf/scorecard/tree/main#checks-1.
Reports for MUI Core are published at https://github.com/mui/material-ui/security/code-scanning (private). The public details of the score: https://api.securityscorecards.dev/projects/github.com/mui/material-ui.
https://img.shields.io/ossf-scorecard/github.com/mui/material-ui?label=openssf scorecard&style=flat
The same tools are used for the other repositories:
Reports for Base UI are published at https://github.com/mui/base-ui/security/code-scanning (private), the public details of the score: https://api.securityscorecards.dev/projects/github.com/mui/base-ui.
https://img.shields.io/ossf-scorecard/github.com/mui/base-ui?label=openssf scorecard&style=flat
Reports for MUI X are published at https://github.com/mui/mui-x/security/code-scanning (private), the public details of the score: https://api.securityscorecards.dev/projects/github.com/mui/mui-x.
https://img.shields.io/ossf-scorecard/github.com/mui/mui-x?label=openssf scorecard&style=flat
Reports for MUI Toolpad are published at https://github.com/mui/mui-toolpad/security/code-scanning (private), the public details of the score: https://api.securityscorecards.dev/projects/github.com/mui/mui-toolpad.
https://img.shields.io/ossf-scorecard/github.com/mui/mui-toolpad?label=openssf scorecard&style=flat
CodeQL runs SAST (Static Application Security Testing) on the codebase. The reports for MUI Core are published at https://github.com/mui/material-ui/security/code-scanning (private).