Security: vulnerability reported to this project not yet reported

[jonathansantilli]

Hello team,

I have reported a vulnerability in this project following the intigriti.com project instructions, but it hasn't been acknowledged yet.

Is there anything else I have to do?

Cheers!

[lbeurerkellner]

Thank you for your report, we will get back to you as soon as possible.

[jonathansantilli]

Hi @lbeurerkellner, thanks for the reply.

It's been around a month since I reported this on intigriti.com. Do you have any timeline in mind?

I haven't received any response yet on intigriti.com.

I am following your own guidance https://github.com/snyk/agent-scan/security

[JiwaniZakir]

Vulnerability disclosures submitted via Intigriti are typically triaged through that platform's own queue before they reach the repository maintainers, so the lack of acknowledgment here is likely because the report is still pending triage on Intigriti's side rather than being overlooked by the team. The maintainers may not have visibility into your submission until Intigriti forwards it — checking the status directly in your Intigriti dashboard (e.g., whether it shows "New" or "Pending Triage") would confirm whether it has been received at all. If the submission has been sitting unacknowledged on the platform beyond the program's stated SLA, escalating through Intigriti's support channel is the appropriate next step rather than the GitHub issue tracker.