Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in TSDProxy, please report it responsibly.

Do not open a public GitHub issue.

Instead, please email: almeidapaulopt@gmail.com

Include the following information:

A description of the vulnerability
Steps to reproduce the issue
The affected version(s)
Any potential impact

Response Time

We aim to acknowledge vulnerability reports within 48 hours and provide a fix within 7 days, depending on severity and complexity.

Disclosure Policy

We ask that you:

Give us reasonable time to fix the issue before public disclosure
Do not access or modify other users' data
Act in good faith to avoid privacy violations or service degradation

Thank you for helping keep TSDProxy secure.

Internal proxy auth token forwarded to backend services enables management API escalation
GHSA-g936-7jqj-mwv8 published Jun 3, 2026 by almeidapaulopt

Critical
X-Forwarded-For header injection allows IP spoofing in proxied requests to backend services
GHSA-pqg7-v6wh-3pfp published Jun 3, 2026 by almeidapaulopt

High
Unauthenticated access to dashboard control endpoints, API, and live access-log streams under the documented default deployment
GHSA-j8rq-87gr-gm9q published May 17, 2026 by almeidapaulopt

High

Learn more about advisories related to almeidapaulopt/tsdproxy in the GitHub Advisory Database