This repo holds documentation, diagrams, and a module registry. It does not ship runtime code; vulnerabilities almost always belong in the module repo (see README.md for the per-module links).

For an issue specific to this repo's docs/registry (e.g. a phishing link, a misleading installation instruction, a supply-chain claim about a registry entry), email contact@lan-nguyen-si.de.

For runtime-code vulnerabilities in any Project OS module, follow the SECURITY.md in that module's own repo.

You will get an acknowledgement within 72 hours.