Python provides a security policy and threat model in the Python Development Guide that document which bugs are vulnerabilities, how to structure reports, and which versions of Python accept reports.
Python Security Response Team (PSRT) members balance security work against many other responsibilities. Please be thoughtful about the time and attention your report requires. Repeated failure to respect the security policy will result in future reports being rejected, or the reporter being banned from the python GitHub organization, regardless of technical merit.
The Python security policy documents how to submit a vulnerability report using GitHub Security Advisories. Please read the security policy prior to filing a vulnerability report, especially the section on what information to include and exclude in vulnerability reports. Following the security policy means the PSRT can quickly and efficiently triage your report; not following the security policy will only delay triaging your report.