| Version | Supported |
|---|---|
| latest (main) | ✅ |

Do not open a public GitHub issue for security vulnerabilities.
Please report security issues by emailing the maintainer directly or using GitHub's private vulnerability reporting.
Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (optional)

You can expect an acknowledgement within 48 hours and a resolution or mitigation plan within 14 days.

Areas of particular concern for this project:
- API key authentication bypass
- Rate limiting circumvention
- Arbitrary code execution via model loading
- Path traversal in model artifact loading
- Secrets exposure via logs or API responses

| ID | Package | Reason | Reviewed |
|---|---|---|---|
| PYSEC-2025-183 (CVE-2025-45768) | pyjwt (transitive via redis) | Disputed by pyjwt maintainers. No fix version exists. The issue is weak key length chosen by the caller, not the library. This project does not call pyjwt directly. | 2026-05-20 |