Skip to content

Security: aerbilir/VerbaGuard

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.1.x Yes

Reporting a Vulnerability

Do not report security vulnerabilities through public GitHub issues.

If you discover a security issue, please report it privately:

  1. Open a GitHub Security Advisory (preferred when the repository is public), or
  2. Contact the maintainers through GitHub private communication.

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Impact assessment
  • Suggested fix (if any)

Response Timeline

  • Acknowledgment within 7 days
  • Initial assessment within 14 days
  • Fix or mitigation plan communicated as soon as a root cause is confirmed

We will coordinate disclosure after a fix is available.

Scope

Security reports should concern the VerbaGuard library itself (code execution, denial of service through crafted input, etc.).

Dictionary content policy, false-positive/false-negative tuning, and moderation effectiveness are product concerns, not security vulnerabilities.

There aren't any published security advisories