Thank you for helping keep EverOS and its users safe.
Please do not open a public GitHub issue for a security vulnerability.
Report suspected vulnerabilities privately through one of the maintainer contact channels listed in the README, or by opening a GitHub security advisory if that feature is available for the repository.
Include as much detail as you can:
- Affected component or path.
- Steps to reproduce.
- Impact and likely severity.
- Relevant logs, requests, responses, or screenshots.
- Suggested fix, if you have one.
Security reports are most useful for:
- EverCore API, storage, tenant isolation, and memory retrieval behavior.
- Authentication, authorization, or data exposure risks.
- Secret handling in examples, demos, and deployment files.
- Benchmark or use-case code that could execute untrusted input unsafely.
Maintainers will review reports and coordinate a fix before public disclosure when the issue is confirmed.