Clarvia currently maintains the following public repositories:
| Repository | Supported |
|---|---|
clarvia-graph |
Yes |
workflow-web |
Yes |
.github |
Yes |
Private operational repositories are not covered by this public security policy.
Please do not report security vulnerabilities through public GitHub issues.
GitHub private vulnerability reporting is enabled for all supported repositories. Use the links below to report a vulnerability:
If private vulnerability reporting is not available, report the issue privately to a Clarvia maintainer or organization owner.
Please report:
- exposed secrets,
- dependency vulnerabilities,
- build or deployment misconfigurations,
- authentication or authorization issues,
- data exposure risks,
- supply-chain risks,
- or vulnerabilities affecting the public website or generated outputs.
Clarvia does not intend to collect personal bereavement case data in phase one.
Please do not submit:
- identity documents,
- death certificates,
- personal legal documents,
- family details,
- addresses,
- medical information,
- financial records,
- or private correspondence
through public issues, pull requests, or discussions.
Clarvia is a small nonprofit project.
We will make a good-faith effort to:
- acknowledge valid reports,
- assess impact,
- prioritize remediation,
- and publish security-relevant updates where appropriate.
Please do not publicly disclose unresolved vulnerabilities before maintainers have had a reasonable opportunity to assess and address them.