| Version | Supported |
|---|---|
| 0.1.x | Yes |
Do not report security vulnerabilities through public GitHub issues.
If you discover a security issue, please report it privately:
- Open a GitHub Security Advisory (preferred when the repository is public), or
- Contact the maintainers through GitHub private communication.
Include:
- Description of the vulnerability
- Steps to reproduce
- Impact assessment
- Suggested fix (if any)
- Acknowledgment within 7 days
- Initial assessment within 14 days
- Fix or mitigation plan communicated as soon as a root cause is confirmed
We will coordinate disclosure after a fix is available.
Security reports should concern the VerbaGuard library itself (code execution, denial of service through crafted input, etc.).
Dictionary content policy, false-positive/false-negative tuning, and moderation effectiveness are product concerns, not security vulnerabilities.