Do not open a public issue. Email mattia.cibin17@gmail.com with:

• Description and impact
• Reproduction steps or PoC
• Affected version(s)
• Suggested fix if you have one

You will get a response within 72 hours. Confirmed issues get a CVE request, a private fix, and a coordinated disclosure once a patched release is out.

In scope: the vortelio binary, server endpoints, Python launcher, NSIS installer. Out of scope: third-party models, cloud provider APIs proxied through Vortelio, user-installed Python packages.