Do NOT open a public issue for security vulnerabilities.
Instead, please email: security@moonklabs.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:
- Acknowledgement: Within 48 hours
- Initial assessment: Within 5 business days
- Fix release: Best effort, typically within 30 days
- Authentication and authorization bypasses
- Data exposure or leakage
- SQL injection, XSS, CSRF
- Payment/billing manipulation
- API key exposure
- Denial of service (DoS)
- Social engineering
- Issues in third-party dependencies (report upstream)
We credit security researchers in our release notes (with permission).
Thank you for helping keep Sprintable secure! 🔒