Create vuln report template

Author: xcorail

docs/report-template.md

@@ -0,0 +1,57 @@
+*This vulnerability report template is offered to you by the GitHub Security Lab. Use it as an inspiration for your own reports. Reporting a vulnerability using this template does not imply that this report has been acknowledged by the GitHub Security Lab. Remove this first section and any mention of the GitHub Security Lab when you use this template.* 
+
+# Vulnerability Report
+
+I identified potential security vulnerabilities in [product].
+
+I am committed to working with you to help resolve these issues. In this report you will find everything you need to effectively coordinate a resolution of these issues.
+
+If at any point you have concerns or questions about this process, please do not hesitate to reach out to me at [email].
+
+If you are _NOT_ the correct point of contact for this report, please let me know!
+
+## Summary
+
+*Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server.*
+
+## Product
+
+[product]
+
+## Tested Version
+
+[version]
+
+## Details
+
+*Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer.*
+
+## PoC
+
+*Complete instructions, including specific configuration details, to reproduce the vulnerability*
+
+## Impact
+
+[impact]
+
+## Remediation
+
+*Propose a remediation suggestion if you have one. Make it clear that this is just a suggestion, as the maintainer might have a better idea to fix the issue.*
+
+## GitHub Security Advisories
+
+We recommend you create a private [GitHub Security Advisory](https://help.github.com/en/github/managing-security-vulnerabilities/creating-a-security-advisory) for these findings. This also allows you to invite me to collaborate and further discuss these findings in private before they are [published](https://help.github.com/en/github/managing-security-vulnerabilities/publishing-a-security-advisory). I will be happy to collaborate with you, and review your fix to make sure that all corner cases are covered. 
+When you use a GitHub Security Advisory, you can request a CVE identification number from GitHub. GitHub usually reviews the request within 72 hours, and the CVE details will be published after you make your security advisory public. Publishing a GitHub Security Advisory and a CVE will help notify the downstream consumers of your project, so they can update to the fixed version.
+
+## Credit
+
+*List all researchers who contributed to this disclosure.*
+*Mention if you found the vulnerability with a specific tool.*
+
+## Contact
+
+[contact]
+
+## Disclosure Policy
+
+*Describe or link to your disclosure policy.*