Security fixes are applied to the latest published major version of Vote Tracker.
Do not open a public issue for a suspected vulnerability.
Use GitHub's private vulnerability reporting feature for:
- Webhook signature bypasses
- Replay-protection failures
- Token or secret exposure
- Authentication bypasses on statistics routes
- Discord mention or interaction abuse
- Dependency vulnerabilities with a practical impact

Include:
- Affected version
- Reproduction steps or a proof of concept
- Expected and actual behavior
- Potential impact
- Suggested mitigation, if known

Do not include real production credentials or user data.
The maintainer will validate the report, coordinate a fix, and publish disclosure information after users have had a reasonable opportunity to update.