DeskFlow takes security seriously. We appreciate your help in keeping DeskFlow and our users safe.
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue
- Email us at: security@growlocals.ai
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes

We will acknowledge your report within 48 hours and work with you to understand and resolve the issue.

| Version | Supported |
|---|---|
| Latest release | ✅ |
| Previous releases | ❌ |

We recommend always running the latest version.
- Remote code execution
- SQL injection
- Authentication bypass
- Privilege escalation
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Sensitive data exposure
- Authorization flaws
- Denial of Service (DoS) attacks
- Social engineering
- Physical attacks
- Issues in dependencies (report to upstream)
- Missing security headers without demonstrated impact
- Reports from automated scanners without validation
- Give us reasonable time to fix issues before public disclosure
- Do not access or modify other users' data
- Do not perform testing on production systems
- Use a self-hosted instance for security testing
DeskFlow is built on DeskFlows. For vulnerabilities in core DeskFlows functionality, please also consider reporting to the upstream project:
- DeskFlows Security: https://github.com/deskflows/deskflows/security/advisories/new
- DeskFlows Email: security@deskflows.com
We appreciate security researchers who help keep DeskFlow safe. 🙏
Last updated: January 2025