Security: quantumdynamics927-dotcom/QPyth

🔒 Security Policy

Scope

QPyth is an open-source quantum software toolkit. Some repository features use DNA-inspired or sequence-themed representations for computational exploration. These features are not biological simulation tools and are not intended for laboratory, medical, diagnostic, therapeutic, or bioengineering use.

Supported Versions

Security updates are provided for the latest stable release and the main branch.

Version Supported
Latest stable release
main branch
Older releases

Users should upgrade to the latest release to receive security fixes and dependency updates.


Security Boundaries

QPyth should be treated as developer and research software, not as a safety-certified system. In particular:

  • outputs are not guaranteed to be biologically valid, clinically meaningful, or safe for real-world use
  • DNA-related features must not be used for synthesis, pathogen engineering, wet-lab experimentation, or operational biological decision-making
  • optional integrations and external services may introduce network, API, credential, or third-party dependency risk

What We Review

We aim to reduce risk through:

  • dependency monitoring
  • static analysis and linting
  • code review
  • input validation for user-facing interfaces
  • secure handling of optional integrations where applicable

Repository CI currently runs:

ruff check .
ruff format --check .
pytest -v --tb=short
pytest --cov=quantumpytho --cov-report=xml

Reporting a Vulnerability

Please do not open a public issue for suspected vulnerabilities.

Instead:

  1. Use GitHub Security Advisories or private vulnerability reporting if it is enabled for the repository.
  2. If private reporting is unavailable, contact the maintainers privately and include SECURITY in the subject line.

Please include:

  • affected component
  • reproduction steps
  • impact assessment
  • suggested mitigation, if available

We ask reporters to avoid public disclosure until the issue has been reviewed and a fix or mitigation is available.


Domain-Specific Responsible Use

If you identify a risk involving:

  • misuse of DNA-related functionality
  • unsafe interpretation of sequence-like assets
  • misleading biological claims
  • dual-use or biosecurity concerns

please report it as a security concern even if it is not a traditional software exploit.


Disclaimer

QPyth is provided for research, education, and software experimentation. It is not intended for clinical, medical, diagnostic, therapeutic, biosurveillance, synthesis, or wet-lab decision support.

There aren’t any published security advisories