Security reports are welcomed for:
- Backend API and authentication flows
- Dependency vulnerabilities
- Secrets/configuration leaks
- Smart contract logic vulnerabilities in onchain/
Please do not open a public issue for vulnerabilities.
Report privately through:
- GitHub Security Advisories: https://github.com/kike-alt/DeWordle/security/advisories/new
Include:
- Vulnerability description
- Reproduction steps
- Potential impact
- Suggested remediation (optional)
Response timeline:
- Initial acknowledgment: within 72 hours
- Triage and severity assessment: within 7 days
- Remediation timeline: based on severity and complexity