中文

If you discover a security vulnerability in crun, please report it via:

1. GitHub Security Advisory: Go to Security → Advisories and create a private advisory.
2. Email: Send details to the maintainer (see GitHub profile for contact).

Please do NOT open a public issue for security vulnerabilities.

• The install scripts (install.sh, install.ps1) — issues like command injection, insecure downloads
• The crun binary itself — issues like arbitrary code execution through config files
• The TUI — issues like terminal escape injection

• The claude CLI binary that crun wraps (report those to Anthropic)
• Issues requiring local user access (if you can write to the config dir, you already have user-level access)