| Version | Supported |
|---|---|
{{CURRENT_MAJOR}}.x |
✅ Active |
< {{CURRENT_MAJOR}}.0 |
❌ No longer supported |
Do not open a public GitHub issue for security vulnerabilities.
Email: {{SECURITY_EMAIL}}
Include in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (optional)
| Stage | Target |
|---|---|
| Acknowledgement | Within 48 hours |
| Status update | Within 7 days |
| Patch or mitigation | Within 30 days for critical; 90 days for moderate |
In scope:
- Authentication or authorization bypass
- Injection vulnerabilities (SQL, command, XSS)
- Sensitive data exposure
- Remote code execution
- Dependency with known CVE affecting this project
Out of scope:
- Vulnerabilities in third-party services (report to them directly)
- Social engineering
- Theoretical vulnerabilities without proof of concept
| Researcher | Issue | Date |
|---|---|---|