If you discover a security vulnerability in DB-Card, please report it via:
GitHub Security Advisories: https://github.com/iim0663418/DB-Card/security/advisories/new
- Acknowledgment: Within 48 hours
- Status Updates: Every 7 days
- Fix Target: Within 30 days for high/critical issues
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if available)
| Version | Supported |
|---|---|
| 4.6.x | ✅ |
| 4.0-4.5 | ✅ |
| < 4.0 | ❌ |
DB-Card undergoes regular security scanning:
- OSV-Scanner: Multi-language vulnerability database (every commit)
- npm audit: Node.js dependency scanning (weekly)
- OWASP ZAP: Web application security testing (monthly)
Latest scan results: docs/security/scan-reports/
DB-Card follows these security standards:
- OWASP Top 10 2021: Web application security
- RFC 6749: OAuth 2.0 Authorization Framework
- RFC 7636: PKCE for OAuth Public Clients
- RFC 9700: OAuth 2.0 Security Best Current Practice
- GDPR: Articles 7, 12, 13, 15, 20, 30 (100% compliant)
We follow responsible disclosure:
- Report received and acknowledged
- Vulnerability verified and assessed
- Fix developed and tested
- Security advisory published (if applicable)
- CVE assigned (for critical issues)
The following are not considered security vulnerabilities:
- Issues in unsupported versions (< 4.0)
- Social engineering attacks
- Physical access attacks
- Denial of Service (DoS) without demonstrated impact
- Issues requiring physical access to user devices
For non-security issues, please use GitHub Issues.
Last Updated: 2026-02-02
Version: 1.0.0