Report vulnerabilities privately to:
ray@smartmur
Include:
- affected repository and path
- reproduction steps
- impact assessment
- suggested remediation (if available)
Do not open public issues for unpatched vulnerabilities.
- No committed secrets or private keys
- Dependency vulnerabilities triaged and patched
- Production claims validated by reachable endpoints