Security: Neverdecel/CodeRAG

Security Policy

Supported versions

CodeRAG is pre-1.x; security fixes land on master and in the latest published release. Please test against the latest master before reporting.

Reporting a vulnerability

Please do not open a public issue for security problems.

Report privately via GitHub's private vulnerability reporting (the repository's Security → Report a vulnerability tab). Include:

  • a description and impact assessment,
  • steps to reproduce (a minimal PoC if possible),
  • affected version/commit and configuration (surface: CLI · HTTP API · UI · Helm).

We aim to acknowledge a report within a few days and to coordinate a fix and disclosure timeline with you.

Scope notes

A few things are working as designed, not vulnerabilities:

  • The HTTP API is unauthenticated by default. It is intended for trusted, loopback-only use unless you opt in. Set CODERAG_API_KEY to require Authorization: Bearer <key> / X-API-Key, keep CODERAG_CORS_ORIGINS empty (never *) unless you need cross-origin access, and place the server behind TLS and an authenticating proxy before exposing it. The shipped container binds 0.0.0.0, so set CODERAG_API_KEY there. (GET /status stays unauthenticated as the health-probe target; it exposes only coarse index stats.)
  • Indexed code is treated as untrusted data by the optional LLM answer surface.
  • GET /file only serves files that are actually indexed, contained to the watched root.

If you can bypass any of the above (e.g. read files outside the watched root, defeat the API-key check, or escape the Helm git-clone protocol allowlist), that is in scope.
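The first scope note above can be turned into a preflight check that flags a network-reachable bind without CODERAG_API_KEY and a wildcard in CODERAG_CORS_ORIGINS. This is an added example, not code from the CodeRAG project. It assumes the caller passes the bind address (the hypothetical `bind_host` parameter) and that CODERAG_CORS_ORIGINS is a comma-separated list. The finding codes and sample deployments are constructed for illustration.

```python
import ipaddress

def is_loopback(host):
    """True only for addresses that never leave the local machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames: assume reachable from the network

def audit_deployment(bind_host, env):
    """Return (code, message) findings for one deployment's settings.

    bind_host is a hypothetical parameter supplied by the caller; env is a
    dict of environment variables. CODERAG_CORS_ORIGINS is assumed to be a
    comma-separated list (an assumption, not documented on the page).
    """
    findings = []
    api_key = env.get("CODERAG_API_KEY", "").strip()
    raw_origins = env.get("CODERAG_CORS_ORIGINS", "")
    origins = [o.strip() for o in raw_origins.split(",") if o.strip()]
    exposed = not is_loopback(bind_host)

    if exposed and not api_key:
        findings.append(("NO_API_KEY",
                         f"{bind_host} is reachable off-host but CODERAG_API_KEY is unset"))
    if "*" in origins:
        findings.append(("CORS_WILDCARD",
                         "CODERAG_CORS_ORIGINS contains *; list explicit origins or leave it empty"))
    if exposed and api_key:
        findings.append(("NEEDS_PROXY",
                         "API key is set; still front the server with TLS and an authenticating proxy"))
    return findings

# Constructed sample deployments (not taken from the project).
SAMPLES = {
    "container default": ("0.0.0.0", {}),
    "local dev": ("127.0.0.1", {}),
    "hardened": ("0.0.0.0", {"CODERAG_API_KEY": "example-key",
                             "CODERAG_CORS_ORIGINS": "https://ui.example.internal"}),
    "wildcard cors": ("127.0.0.1", {"CODERAG_CORS_ORIGINS": "*"}),
}

if __name__ == "__main__":
    for name, (host, env) in SAMPLES.items():
        codes = [code for code, _ in audit_deployment(host, env)]
        print(f"{name}: {codes or 'ok'}")
```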

There aren't any published security advisories