added SECURITY.md

SECURITY.md

@@ -0,0 +1,35 @@
+# Security Policies and Procedures
+
+## Reporting a Bug
+
+We take all security bugs in systeminformation seriously.
+Thank you for improving the security of systeminformation. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+To ensure the timely response to your report, please ensure that the entirety
+of the report is contained, when reporting a security issue.
+
+Report security bugs in third-party modules to the person or team maintaining
+the module.
+
+## Pre-release Versions
+
+Alpha and Beta releases are unstable and **not suitable for production use**.
+Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
+Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+
+## Disclosure Policy
+
+When we will receiving a security bug report, we will coordinate the fix and release process,
+involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance. These fixes will be
+    released as fast as possible to npm.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.

docs/security.html

@@ -46,9 +46,9 @@
               <div class="text">
                 <h2>fsSize Command Injection Vulnerability</h2>
                 <p><span class="bold">Affected versions:</span>
-                  &lt; 5.23.14<br>
+                  &lt; 5.27.14<br>
                   <span class="bold">Date:</span> 2025-12-16<br>
-                  <span class="bold">CVE indentifier</span> CVE-???
+                  <span class="bold">CVE indentifier</span> CVE-2025-68154
                 </p>
 
                 <h4>Impact</h4>