Do not open public GitHub issues for security vulnerabilities.
Please report security issues privately to:
kazkozdev@gmail.com
Include:
- a clear description of the issue
- steps to reproduce
- affected files or endpoints
- possible impact
- a proof of concept if available
The goal is to acknowledge reports within a reasonable time and validate them before discussing remediation publicly.
Security reports are especially relevant for:
- file upload handling
- path handling and downloads
- database access
- local server exposure
- dependency vulnerabilities
- authentication or permission issues if such features are introduced later