If you discover a security vulnerability in VibeConsole, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email security@vibeconsole.dev and include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Response timeline:
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix & disclosure: We aim to resolve confirmed vulnerabilities within 30 days
This policy applies to the latest release of VibeConsole. Please ensure you're testing against the most recent version before reporting.
In scope:
- Code execution vulnerabilities
- Privilege escalation
- Data exposure through IPC channels
- Dependency vulnerabilities with active exploits
Out of scope:
- Issues in dependencies without a known exploit
- Issues requiring physical access to the machine
- Social engineering attacks
We follow coordinated disclosure. We'll work with you to understand and fix the issue before any public disclosure.
Thank you for helping keep VibeConsole secure.