| Version | Supported |
|---|---|
| 0.1.x | ✅ |

Please do NOT open a public GitHub Issue for security vulnerabilities.
Instead, please report them through GitHub's private security advisory feature:
- Go to the Security Advisories page
- Click "New draft security advisory"
- Fill in the details of the vulnerability
- Submit — only repository maintainers can see this
Alternatively, email security@ashutosh0x.dev with:
- Description of the vulnerability
- Steps to reproduce
- Impact assessment
- Any suggested fix
After you report, you can expect:
- Acknowledgment within 48 hours
- Triage and severity assessment within 5 business days
- Fix or mitigation within 30 days for critical issues
- Credit in the release notes (unless you prefer anonymity)
The following are in scope:
- The `rust-finance` binary and all workspace crates
- GitHub Actions workflows and CI/CD configuration
- API key handling and secret management
- WebSocket connection security (Alpaca, Binance, Finnhub)
- EIP-712 signing implementation (Polymarket)
- Any dependency with a known CVE that affects this project
The following are out of scope:
- Third-party API provider vulnerabilities (Alpaca, Finnhub, etc.)
- Social engineering attacks
- Denial of service against public APIs