Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

To securely report a vulnerability, please open an advisory on GitHub or report it by sending an email to koukun0120@gmail.com.

attach_packed_output can bypass file-read secret scanning for supported local files
GHSA-hwpp-h97w-2h3j published May 27, 2026 by yamadashy

Moderate
Command Injection (RCE) via `--remote-branch` Argument Injection
GHSA-9mm9-rqhj-j5mx published May 27, 2026 by yamadashy

High

Learn more about advisories related to yamadashy/repomix in the GitHub Advisory Database