Do not report security vulnerabilities through public GitHub issues; issues are visible to everyone, including an attacker, and a security label does not make them private.
Use GitHub's private security advisory feature instead ("Report a vulnerability" under the repository's Security tab).
Include in your report:
- Type of issue and affected files
- Steps to reproduce the issue
- Impact assessment
Response timeline:
- Acknowledgment within 48 hours
- Assessment within 1 week
- Fix released and advisory published once the issue is resolved; please keep the details private until then
Security measures in place:
- JWT authentication with bcrypt password hashing
- Input validation and sanitization
- HTTPS encryption and secure headers
- CORS protection and rate limiting
- Regular dependency updates
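The first and fourth measures above hide most of the mistakes that turn up in real reviews: accepting whatever `alg` the token header claims, comparing signatures with `==`, forgetting to enforce `exp`, and rate limiting that resets on restart but never per window. The following is an added example written for this page, not the project's own code. It is standard-library Python only: HS256 tokens signed with a server-side secret, `hashlib.scrypt` standing in for bcrypt (bcrypt is not in the standard library; the salted, deliberately slow structure is the same), and an in-memory fixed-window limiter. The secret, the 15-minute lifetime and the scrypt cost parameters are assumptions.

```python
"""Added example (not the project's code): JWT issue/verify, salted
password hashing, and a per-client rate limiter using only the stdlib."""
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Assumption: in a real deployment this comes from configuration, not os.urandom at import.
SECRET = os.urandom(32)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    # JWT strips padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(subject: str, secret: bytes = SECRET, ttl: int = 900,
                now: Optional[float] = None) -> str:
    """Mint an HS256 JWT for `subject` that expires `ttl` seconds from now."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"},
                                separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"sub": subject, "iat": int(now), "exp": int(now) + ttl},
                                 separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, secret: bytes = SECRET,
                 now: Optional[float] = None) -> Optional[dict]:
    """Return the payload if the token is valid, otherwise None.

    The server decides the algorithm, never the token: anything but HS256
    (including "none") is rejected before the signature is even looked at.
    The signature is compared in constant time, and `exp` is enforced.
    """
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        payload = json.loads(_b64url_decode(p))
    except (ValueError, TypeError, AttributeError):
        # Malformed base64/JSON or wrong segment count: treat as unauthenticated.
        return None
    if not isinstance(payload, dict) or not isinstance(payload.get("exp"), int):
        return None
    if payload["exp"] <= now:
        return None
    return payload


# Assumed scrypt cost; scrypt here stands in for bcrypt, which is not in the stdlib.
_SCRYPT = {"n": 2 ** 14, "r": 8, "p": 1}


def hash_password(password: str) -> str:
    """Salted, slow hash; the salt is stored alongside the digest."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **_SCRYPT)
    return f"scrypt${_b64url(salt)}${_b64url(digest)}"


def check_password(password: str, stored: str) -> bool:
    """Constant-time check of `password` against a value from hash_password."""
    try:
        scheme, salt_b64, digest_b64 = stored.split("$")
        if scheme != "scrypt":
            return False
        digest = hashlib.scrypt(password.encode(), salt=_b64url_decode(salt_b64), **_SCRYPT)
        return hmac.compare_digest(digest, _b64url_decode(digest_b64))
    except ValueError:
        return False


class FixedWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit, self.window = limit, window
        self._buckets = {}  # key -> (window_start, count)

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        start, count = self._buckets.get(key, (now, 0))
        if now - start >= self.window:
            start, count = now, 0  # window elapsed: start a fresh one
        count += 1
        self._buckets[key] = (start, count)
        return count <= self.limit
```

Key the limiter on something the client cannot freely choose (the authenticated subject after login, the source address before it), and note that an in-memory limiter is per process; a shared store is needed once there is more than one instance. HTTPS, security headers and CORS are framework or reverse-proxy configuration and are not shown here.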