If you discover a security vulnerability in vulners-cli, please report it responsibly through GitHub Security Advisories.

Please do not open a public issue for security vulnerabilities.

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation plan within 7 days for critical issues.

This policy covers the vulners-cli tool itself. Vulnerabilities in the upstream Vulners API should be reported directly to Vulners.