Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

Please report any vulnerabilities to GitHub Security.

OS Command Injection in Docker Container Management Endpoints
GHSA-c2g2-hqgq-6w9v published Apr 22, 2026 by LukeGus

Critical
Pending-TOTP temporary token can regenerate backup codes and neutralize TOTP
GHSA-vx59-rf9w-9jv8 published Apr 22, 2026 by LukeGus

High
Command injection in extractArchive/compressFiles via double-quote escaping bypass
GHSA-rvg4-7vvq-9c2w published Apr 22, 2026 by LukeGus

High
Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser
GHSA-m3cv-5hgp-hv35 published Jan 12, 2026 by LukeGus

High
The official Docker image provided by Termix has a serious authentication bypass vulnerability.
GHSA-92cw-877q-6r94 published Oct 1, 2025 by LukeGus

Critical

Learn more about advisories related to Termix-SSH/Termix in the GitHub Advisory Database