- Report vulnerabilities via private email or your preferred channel (add contact here).
- Do not open public issues for sensitive disclosures.
- Supported versions: main branch.

Operational recommendations:

- Use least-privilege tokens for GitHub and Snyk.
- Scope n8n credentials per workflow.
- Store secrets using Docker secrets or your cloud secret manager in production.