If you discover a security vulnerability, please do not open a public issue.
Email boffti@gmail.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
You'll get a response within 48 hours. If the issue is confirmed, a fix will be prioritized and you'll be credited in the release notes (unless you prefer to remain anonymous).
Reports in the following areas are of particular interest:
- Authentication and session handling
- GitHub token storage and expiry
- API route authorization
- Data isolation between users (RLS)
Out of scope:
- Vulnerabilities in third-party dependencies (report those upstream)
- Issues requiring physical access to the server
- Social engineering attacks