Please do not disclose security vulnerabilities in public issues.
If GitHub Security Advisories are enabled for this repository, use private vulnerability reporting there. Otherwise, contact the maintainers through GitHub and share the minimum information needed to reproduce the issue safely.
Include the following when possible:
- Affected area or file
- Impact summary
- Reproduction steps
- Suggested mitigation, if known
Relevant security areas include:
- Authentication and authorization
- Supabase policies and exposed data access
- Input validation and XSS risks
- Dependency vulnerabilities
- Secrets handling and environment configuration
The maintainers will aim to:
- Acknowledge receipt of a report
- Validate the issue
- Prepare and release a fix when needed
- Credit the reporter when appropriate