Skip to content

Security: nobugpal/qdecision

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you find a security issue in Qdecision, do not open a public issue first.

Please provide:

  • a concise description of the vulnerability
  • reproduction steps or a proof of concept
  • affected provider path if relevant (Ollama / OpenAI)
  • impact assessment if known

Until a private reporting channel is configured, report responsibly through a direct maintainer contact path instead of public disclosure.

Scope Notes

Relevant areas include:

  • API route authorization or owner isolation
  • prompt or structured output injection paths
  • data leakage across browser owners
  • secrets or environment variable exposure
  • unsafe logging of prompts or responses

There aren't any published security advisories