If you discover a security vulnerability in this project, please report it by opening an issue with the label security.

Do not open a public issue for security vulnerabilities. Instead, contact the maintainers directly.

When reporting a security issue, please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (if applicable)

We aim to respond to security reports within 48 hours.

This policy applies to all code in this repository, including:
- Python code examples
- Web API examples (FastAPI, Flask)
- LLM training and inference code

Out of scope:
- Dependencies (report to upstream maintainers)
- Development tools and configuration files

We appreciate responsible disclosure and will acknowledge contributors who report valid security issues (unless they prefer to remain anonymous).