Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

Please do not open a public issue for sensitive security problems.

Instead, report vulnerabilities privately to the maintainers with:

a clear description of the issue
affected files or features
reproduction steps or proof of concept
potential impact

Scope

Security reports are especially useful for:

local data exposure
import parsing vulnerabilities
unsafe file handling
attachment path traversal or overwrite risks
unintended network dependencies in the public app

Response Expectations

Maintainers will aim to:

acknowledge receipt
reproduce and assess impact
fix the issue or explain mitigation
coordinate disclosure when needed

If no private contact address is published yet, open a minimal public issue requesting a private contact channel without including exploit details.

There aren’t any published security advisories