If you discover a security vulnerability in this project, please report it privately by emailing eugen-goebel@hotmail.de.
Please do not file public GitHub issues for security vulnerabilities, as this could expose users to risk before a fix is available.
I aim to acknowledge reports within 7 days and provide an initial assessment within 14 days.
This is a portfolio project; only the latest commit on main is supported.
Both the FastAPI backend and the React frontend are in scope for security reports. Of particular interest:
- Authentication / authorization issues
- Input validation gaps in API endpoints
- Cross-site scripting (XSS) in the frontend
- Dependency vulnerabilities