Thank you for helping make secscore secure and reliable. We take security issues seriously and appreciate your efforts to responsibly disclose vulnerabilities.

| Version | Supported |
|---|---|
| Latest (main branch) | ✅ Yes |
| Previous releases | |

Security fixes will only be applied to the most recent version. You are encouraged to always use the latest version.
If you believe you have found a security vulnerability in this project, please do not create a GitHub issue or pull request.
Instead, please report it directly by email:
- Email: kontakt@nicokempe.de
- PGP key (optional): https://nicokempe.de/publickey-kontakt@nicokempe.de-0x0ACE3EA8.asc
Please include as much detail as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested remediation (if any)
I will respond as promptly as possible, typically within 72 hours.
- You report the vulnerability via email.
- We verify and assess the impact.
- We work on a patch or mitigation plan.
- We release a fix and disclose the vulnerability in the CHANGELOG, giving credit where appropriate.
All reports are kept confidential until a fix is released. No security information is shared publicly until the issue is resolved.
This policy applies only to the secscore source code. The following are out of scope:
- Vulnerabilities in third-party dependencies (please report to the original maintainers)
- General support requests
- Vulnerabilities in example apps or test playgrounds