We address security issues affecting the latest commit on the default branch and the latest tagged release.

This project is an offensive security / assessment tool. Reports we want to hear about include:
- Unexpected credential exfiltration or plaintext leakage in default configurations
- Unsafe defaults that could harm operators running the tool on their own systems
- Build or distribution integrity issues (e.g., tampering vectors in the release pipeline)

Please do not use the public issue tracker for undisclosed exploit chains against third-party systems.

To report a vulnerability in LinuxPi itself, email: [email protected] with:
- A short description and impact
- Steps to reproduce (if applicable)
- Whether you need coordinated disclosure

We aim to acknowledge within a few business days. Please allow time for a fix before public disclosure.

LinuxPi is intended only for authorized security testing. Misuse is prohibited.