Security matters deeply to the Bleverse community. If you believe you've discovered a security vulnerability, thank you.
Please do not open a public GitHub issue, as we'd like to handle it responsibly and protect users while we investigate.
Please report security issues privately using one of the following channels:
- GitHub Security Advisories: open a private report (via the repository's Security tab)
- Email: [email protected]
When reporting, the more context you can share, the better. Helpful details may include:
- A clear description of the issue and its potential impact
- Steps to reproduce (a proof-of-concept is welcome)
- Relevant logs, screenshots, environment details
- A suggested fix or mitigation (if you have one)
- Affected components or paths
Thoughtful reports help us respond faster and more effectively.
Bleverse uses the Common Vulnerability Scoring System (CVSS) as a reference when assessing reported issues.
- 9.0-10.0 (Critical): prioritized for immediate mitigation
- 7.0-8.9 (High): addressed with high priority
- Lower scores are evaluated and resolved based on risk and impact
While CVSS is a helpful standard, we also consider real-world impact, exploitability, and potential risk to users and infrastructure when determining response urgency.
- We'll acknowledge your report as soon as reasonably possible.
- We'll investigate carefully and determine appropriate next steps.
- Please avoid public disclosure until a fix or mitigation is available.
- If you would like credit for your report, we're happy to include it in release notes or advisories whenever possible.
Our goal is responsible disclosure, coordinated fixes, and transparency with users.
Security fixes are generally provided for the latest release or the main branch.
Protecting user trust is a shared responsibility, and your help makes a real difference.
Thank you for helping keep Bleverse secure.