Please do not open public GitHub issues for security vulnerabilities.
Instead, report them privately and include:
- a clear summary
- affected files or surfaces
- reproduction steps
- impact assessment
- any suggested mitigation

For private reporting, contact: hello@shiftbloom.studio

Use the subject line: Myosotis Security Report

Security reports are especially useful for:
- auth or secret-handling issues
- deployment or infrastructure misconfigurations
- unsafe file-writing behavior
- command injection or shell-execution bugs
- privilege or access-control issues

We aim to:
- acknowledge receipt promptly
- validate the issue
- coordinate a fix
- disclose responsibly after remediation when appropriate