Cursora is currently in active development. The latest tagged release is considered supported.

If you believe you have found a security issue in Cursora:

• Do not include exploit details in a public issue.
• Instead, either:
  • If this repository shows a “Report a vulnerability” button in the GitHub Security tab, use that (preferred), or
  • Contact the maintainer via GitHub (user: nuwandev), or
  • As a last resort, open a GitHub issue with minimal information and mark it clearly as a security concern.

Please include:

• Cursora version (from Settings → About, or the release tag)
• Windows version (10 / 11)
• A short description of the issue and, if possible, steps to reproduce

There is no bug bounty program, but responsible disclosure is appreciated and will be acknowledged in the changelog / release notes when appropriate.

• Cursora reads your cursor position locally to render effects on your own machine.
• It does not:
  • collect or send cursor data to any server
  • read your files or clipboard
  • require accounts or logins

For liability and warranty details, see the Apache-2.0 terms in LICENSE.