The Arvo AI team takes security bugs in Aurora seriously. We appreciate your efforts to responsibly disclose your findings.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via email to:
Include the following information in your report:
- Type of vulnerability (e.g., SQL injection, XSS, authentication bypass, etc.)
- Full paths of source file(s) related to the manifestation of the vulnerability
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
After you submit a report, you can expect:
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 72 hours.
- Communication: We will keep you informed about the progress of fixing the vulnerability.
- Verification: We will work with you to understand and verify the vulnerability.
- Fix: We will work to develop and test a fix for the vulnerability.
For security concerns, please email: info@arvoai.ca
For general questions, see CONTRIBUTING.md.
Thank you for helping keep Aurora and its users safe!