We take the security of our software seriously, including all source code repositories managed through our GitHub, including but not limited to ES-Trainer, Descriptive, LinkPreview, and others.
If you believe you have found a security vulnerability in any of our repositories, please report it to us as described below.
We generally only address security issues in the latest release of each project. If you are unsure whether a version is still supported, mention it in your report and we will clarify.
Please do not report security vulnerabilities through public GitHub issues.
Instead, send an email to:
If possible, please encrypt your message using our PGP key to keep your report confidential:
- Key: https://keys.openpgp.org/vks/v1/by-fingerprint/2ED290123EE5AD1AF13F1E486214C0AC8F802626
- Fingerprint:
2ED2 9012 3EE5 AD1A F13F 1E48 6214 C0AC 8F80 2626
We aim to acknowledge your report within 24 hours.
Please provide as much of the following as possible to help us understand and triage the issue quickly:
- Type of vulnerability
- Affected repository and version
- Step-by-step reproduction instructions
- Proof of concept or exploit code (if applicable)
- Potential impact (what an attacker could achieve)
- Your suggested fix (optional but appreciated)
We prefer all communications to be in English.