We recommend always using the latest release.

Do not report security vulnerabilities through public GitHub issues.

Instead, please use GitHub's private vulnerability reporting.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (optional)

• Acknowledgment: Within 72 hours
• Initial assessment: Within 1 week
• Resolution: Depends on severity and complexity

This project builds and packages FFmpeg binaries. Security issues may include:

• Build script vulnerabilities
• Dependency vulnerabilities in codec libraries
• Supply chain issues in the npm packages

For vulnerabilities in FFmpeg itself, please report to the FFmpeg security team.