If you discover a security issue in this project, do not open a public issue. Instead, send a private report to the maintainer.
Disclosure channel: open a private security advisory on GitHub.

Include:
- Affected version (or commit SHA)
- Reproduction steps or proof of concept
- Impact assessment (what does an exploit accomplish?)
- Suggested fix, if you have one

Response targets:

| Severity | First response | Patch / mitigation |
|---|---|---|
| Critical (RCE, data exfiltration, auth bypass) | 24 hours | 7 days |
| High | 3 days | 14 days |
| Medium / Low | 7 days | Best effort |

Only the latest minor release on main receives security patches.

Disclosure process:
- Reporter sends a private advisory.
- Maintainer acknowledges receipt within the first-response SLA.
- Maintainer and reporter agree on a coordinated disclosure date (default: 30 days from the patched release).
- Patched release ships; reporter is credited unless they prefer anonymity.
- Public advisory is published on the agreed date.

Out of scope:
- Vulnerabilities in third-party dependencies that have not been patched upstream; please report those upstream first.
- Issues that require an attacker to already have control of the host process (in-process supply-chain attacks).
- Self-inflicted misconfigurations of your own MCP server registration.

Reporters who follow this disclosure process are credited in the release notes for the patched version, unless they explicitly request anonymity.