| Version | Supported |
|---|---|
| 1.1.x | Active Support |
| 1.0.x | End of Life |

If you discover a security vulnerability in FORMA, please report it responsibly:
- Do NOT create a public GitHub issue
- Email security concerns to: Devsh0801@gmail.com
- Include detailed reproduction steps
- Allow 48 hours for initial response

| Date | CVE ID | Severity | Type | Affected | Action | Status |
|---|---|---|---|---|---|---|
| 2025-12-03 | CVE-2025-55182 | Critical | Remote Code Execution (RCE) | React 19.0.0-19.2.0, Next.js 16.0.6 | Upgraded to Next.js 16.0.7, React 19.2.1 | Patched |

This project follows security best practices:
- Environment Variables: All API keys stored in `.env.local` (never committed)
- Row Level Security: Supabase RLS policies enabled on all tables
- Input Validation: User inputs validated before processing
- Dependency Auditing: Regular `npm audit` checks

We monitor dependencies for vulnerabilities using:
- `npm audit`: Run before each release
- GitHub Dependabot: Automated security alerts
- Manual review of critical packages (Next.js, React, Supabase)

Last Updated: December 3, 2025