From f9751bfd81fee622a3cc6ef9eba11894fc245978 Mon Sep 17 00:00:00 2001
From: Louis Lam <louislam@users.noreply.github.com>
Date: Sun, 16 Nov 2025 22:40:35 +0800
Subject: [PATCH] Update security reporting instructions in SECURITY.md (#6355)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 SECURITY.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/SECURITY.md b/SECURITY.md
index ad252370b..34111c258 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -8,7 +8,8 @@
    do not send a notification, I probably will miss it without this.
    <https://github.com/louislam/uptime-kuma/issues/new?assignees=&labels=help&template=security.md>
 
-Do not use the public issue tracker or discuss it in public as it will cause
+- Do not report any upstream dependency issues / scan result by any tools. It will be closed immediately without explanations. Unless you have PoC to prove that the upstream issue affected Uptime Kuma.
+- Do not use the public issue tracker or discuss it in public as it will cause
 more damage.
 
 ## Do you accept other 3rd-party bug bounty platforms?