If you discover a security vulnerability, please do NOT open a public issue.

Contact the maintainer directly:

• GitHub: @mortada313s

We will respond within 48 hours and work on a fix promptly.

This is a local-network application. Before deploying to the internet:

• Passwords are stored as plain text → upgrade to bcrypt
• No HTTPS → add SSL certificate
• No rate limiting → add request throttling
• No JWT sessions → implement proper session management