Please do not open a public issue for a security vulnerability.

Email info@twinscrollgridbalancer.co.uk with details and steps to reproduce. You'll get an acknowledgement within a few days and an indication of next steps once the report has been assessed.

OpenMPPT is a protocol / codec library with no network-listening surface of its own, but parsing untrusted device data is squarely in scope — for example a malformed BLE advertisement or Modbus frame that crashes or misbehaves a decoder, or a reassembler that can be wedged by a crafted byte stream. Reports of that kind are very welcome.

The library is pre-1.0; fixes land on main and ship in the next release. Please reproduce against the latest main before reporting.