Security is important.
Please follow these guides to report a vulnerability privately:
This automation runs the following checks: https://github.com/ossf/scorecard/tree/main#checks-1.
Reports for MUI Core are published at https://github.com/mui/material-ui/security/code-scanning (private). The public details of the score are available at https://api.securityscorecards.dev/projects/github.com/mui/material-ui.
The same tool is used for the other repositories:
CodeQL runs SAST (Static Application Security Testing) on the codebase. The reports for MUI Core are published at https://github.com/mui/material-ui/security/code-scanning (private).
The same tools are used for the other repositories: