Security Policy

Responsible Disclosure

We take security seriously and appreciate the efforts of security researchers who help us maintain a secure environment.

If you discover a security vulnerability, please follow these guidelines:

• Report the vulnerability privately to [email protected]
• Provide detailed information about the vulnerability
• Allow reasonable time for us to address the issue
• Do not publicly disclose the vulnerability until it's resolved

What We're Looking For

• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF)
• Server-side request forgery (SSRF)
• Remote code execution (RCE)
• SQL injection
• Authentication bypass
• Information disclosure

What We're NOT Looking For

• Denial of service (DoS) attacks
• Social engineering
• Physical security issues
• Outdated software versions (unless exploitable)

Recognition

Security researchers who responsibly disclose vulnerabilities will be acknowledged in our Hall of Fame.

View Hall of Fame →

Contact

For security-related inquiries:

• Email: [email protected]
• GitHub: Security Advisories