# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in Awesome Cordova Plugins, please report it responsibly.

**Do not open a public GitHub issue for security vulnerabilities.**

Instead, please send an email to the maintainer or use [GitHub's private vulnerability reporting](https://github.com/danielsogl/awesome-cordova-plugins/security/advisories/new).

### What to include

- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact

### Response

You can expect an initial response within 72 hours. We will work with you to understand the issue and coordinate a fix before any public disclosure.

## Scope

This policy covers the `@awesome-cordova-plugins/*` TypeScript wrapper packages. For vulnerabilities in the underlying Cordova plugins themselves, please report to the respective plugin maintainers.

## Supported Versions

Only the latest major version receives security updates.