If you believe you have found a security vulnerability in PineForge, please report it privately rather than opening a public issue.

Use this repository’s Security tab → Report a vulnerability (GitHub Security Advisories), or contact the maintainers privately with a detailed description of the issue, affected versions, and steps to reproduce.

Please allow reasonable time for a fix before discussing the issue in public.

This repository is the PineScript v6 backtest runtime (C/C++ library). Reports about the separate pineforge-codegen transpiler, TradingView’s platform, or third-party strategy code are out of scope for this tracker unless they concern this runtime’s build or execution of untrusted native code.

TradingView-linked CSV exports live in the public corpus/ and benchmarks/assets/ submodules as factual parity references (see LEGAL.md). If you find genuinely sensitive data (secrets, credentials, private keys) committed by mistake, report it as a data-handling concern privately.

Security fixes are applied to the main branch as needed. Tags and release notes will note any security-relevant changes; use the latest tag where possible.