Optuna uses GitHub’s Private Vulnerability Reporting feature to enable responsible and confidential reporting of security issues.

If you discover a potential vulnerability, please report it to the development team through this feature: Report a Vulnerability

• Your submission will remain confidential within the Private Vulnerability Report until the development team decides to share it publicly.
• The information you report will be used to help resolve security issues.
• The development team includes members with write or higher permission to the repository, as well as security managers.
• The development team will investigate and work toward a resolution. Please refrain from posting the issue in public forums such as GitHub Issues, Pull Requests, or social media until the fix or disclosure is complete.
• The timing of public disclosure will be determined through communication between the development team and the reporter. If the reporter prefers not to disclose the issue, it will remain private.

We appreciate your help in improving the security and reliability of Optuna.