If you believe you have found a security issue, please do not open a public GitHub issue with exploit details.

Instead:

- prepare a short description of the issue
- include affected files, commands, or API routes if known
- include reproduction steps or a proof of concept when safe to share
- describe the potential impact

For this repository, the preferred first step is a private maintainer contact through the repository owner or a private disclosure channel associated with the project host.

Helpful reports usually include:

- affected version, branch, or commit if known
- whether the issue needs local access, network access, or crafted input
- whether private data, annotations, or local review databases could be exposed
- whether the issue is a denial-of-service, path traversal, code execution, or data-leak style problem

The project is maintained as an active research-and-tooling repository, so response times may vary.

The maintainers' goal is to:

- acknowledge a credible report
- assess severity and scope
- prepare a fix or mitigation when practical
- disclose publicly after a fix or mitigation is available, when appropriate

Security-sensitive areas in this repository may include:

- local file serving in the review web UI
- import and export paths for analysis artifacts
- review database handling
- scripts that move data between local storage and external services

Please avoid testing against systems or data you do not own or control.