Please do not open a public issue for security reports.

Use GitHub's private vulnerability reporting to submit a report.

Include:

• Affected version(s)
• Steps to reproduce
• Impact / attack scenario
• Any suggested remediation

You will receive an acknowledgement within 72 hours. Coordinated disclosure timelines are case-by-case; we aim for fixes within 14 days of confirmation.

• Pulse desktop application
• The pulse-core Rust crate
• Official release binaries published on GitHub Releases

Out of scope:

• Third-party forks
• Dependencies (report upstream)
• Social engineering against contributors