We currently support the latest version of the project. Please make sure you are using the most up-to-date version before reporting a vulnerability.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
If you discover a security vulnerability in this project, please do not open a public issue. Instead, report it privately via email or a secure method.
Please send an email to [email protected] with the following:
- A description of the vulnerability
- Steps to reproduce the issue
- Any potential fixes or recommendations
We will respond within 3–5 business days, investigate the report, and take appropriate action.
This project currently involves user-uploaded files (PDFs/images). Please pay attention to:
- File validation
- Content spoofing
- Server-side file processing vulnerabilities (e.g., `sharp`, `pdf-lib`)
- Denial of Service (large file abuse)
If you find any abuse vectors within this scope, your report is highly appreciated.
We are committed to:
- Addressing valid reports in a timely manner
- Keeping the community informed (if needed)
- Crediting researchers (if they wish)
Thank you for helping keep this project safe!