Hello @danpros ,
I have discovered multiple critical security vulnerabilities in HTMLy CMS v3.1.1 that require immediate attention.
Summary (Non-Specific)
- Severity: Critical
- Affected Version: v3.1.1
- Vulnerabilities Found: 3 distinct issues
Responsible Disclosure Attempt
I have attempted to contact you via email 23 days ago with full technical details but have not received a response.
Next Steps
I would like to coordinate responsible disclosure through GitHub Security Advisories:
- Please enable Private Vulnerability Reporting on this repository
- Or create a Security Advisory and add me as collaborator
- Or respond to my email at [your-email]
Timeline
Per industry standards, I am following a 90-day disclosure timeline:
- First contact: Jan 17, 2026
- Public disclosure: [DATE - 90 days from first contact]
I prefer coordinated disclosure with patches. Please respond within 7 days to discuss.
Contact
Thank you for maintaining HTMLy. I look forward to working together to protect users.
Hello @danpros ,
I have discovered multiple critical security vulnerabilities in HTMLy CMS v3.1.1 that require immediate attention.
Summary (Non-Specific)
Responsible Disclosure Attempt
I have attempted to contact you via email 23 days ago with full technical details but have not received a response.
Next Steps
I would like to coordinate responsible disclosure through GitHub Security Advisories:
Timeline
Per industry standards, I am following a 90-day disclosure timeline:
I prefer coordinated disclosure with patches. Please respond within 7 days to discuss.
Contact
Thank you for maintaining HTMLy. I look forward to working together to protect users.