Security

Report a vulnerability

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in this project, please do not report it via public GitHub issues.

Instead, use GitHub's private vulnerability reporting feature:

Go to the Security tab of this repository
Click "Report a vulnerability"
Submit the details privately

This allows us to investigate and fix the issue before public disclosure.

What to Include

Please include as much information as possible:

Description of the vulnerability
Steps to reproduce
Affected versions
Potential impact
Proof of concept (if available)

Response Policy

We will acknowledge your report as soon as possible
We will investigate and work on a fix
We may ask for additional information if needed
We will coordinate responsible disclosure

Disclosure

Please do not publicly disclose the vulnerability until we have addressed it.

Thank you for helping keep this project secure.

Command injection in resize background color parameter when using ImageMagick CLI
GHSA-8q4h-8crm-5cvc published Apr 17, 2026 by nao-pon

High
Path Traversal vulnerability in PHP LocalVolumeDriver connector
GHSA-wm5g-p99q-66g4 published Jun 13, 2023 by nao-pon

High
Unsafe upload filtering leading to RCE
GHSA-qm58-cvvm-c5qr published Jun 13, 2021 by nao-pon

High
Multiple vulnerabilities leading to RCE
GHSA-wph3-44rj-92pr published Jun 13, 2021 by nao-pon

High

Learn more about advisories related to Studio-42/elFinder in the GitHub Advisory Database