Electrum is currently in active development. Security updates are applied to the latest version on the master branch.
| Version | Supported |
|---|---|
| latest (master) | ✅ |
| older snapshots | ❌ |
If you discover a security vulnerability in Electrum, please do not open a public GitHub issue.
Instead, report it privately through one of the following channels:
- GitHub Private Vulnerability Reporting (preferred): Use the Security Advisories feature to report privately.
- Email: Contact the maintainer at the address linked in the GitHub profile (@yoelf22).
Please provide:
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Any proof-of-concept code (if applicable)
- Suggested mitigation or fix (optional)
| Stage | Timeline |
|---|---|
| Acknowledgment | Within 3 business days |
| Initial assessment | Within 7 business days |
| Resolution / patch | Within 30 days (severity-dependent) |
- You will receive acknowledgment of your report.
- We will investigate and keep you informed of progress.
- Once resolved, we will credit you in the release notes (unless you prefer to remain anonymous).
- If the report is not accepted, we will explain why.
This security policy covers the Electrum toolkit code, scripts, and templates in this repository. It does not cover third-party AI model APIs (Claude, etc.) or developer environment configurations.
We follow a coordinated disclosure approach. Please allow us time to patch the vulnerability before any public disclosure.