Please report vulnerabilities privately to: d9ng@outlook.com
Do not open a public GitHub issue for security reports.

Please include the following in your report:
- Affected version / commit SHA
- Reproduction steps
- Impact assessment (data exposure, RCE, privilege escalation, etc.)
- Suggested fix (optional)

| Stage | Target |
|---|---|
| Initial acknowledgement | within 3 days |
| Severity triage | within 7 days |
| Fix or mitigation plan | within 30 days for high/critical |

tunaFlow is in beta. Only the latest release receives security fixes.

The following are out of scope:
- Issues in upstream dependencies (report to the respective projects)
- Attacks requiring physical access to the user's machine
- Social engineering of project maintainers

Coordinated disclosure is preferred. We will credit reporters in the release notes unless anonymity is requested.