| Version | Supported |
|---|---|
| 1.0.x | ✅ |
If you discover a security vulnerability, please report it responsibly:
- Do not open a public issue.
- Email security@flashvision.dev with a detailed description.
- Include steps to reproduce, impact assessment, and any suggested fix.
We will acknowledge receipt within 48 hours and aim to release a patch within 7 days for critical issues.
- Code execution vulnerabilities in model loading / checkpoint deserialization
- Path traversal in file I/O utilities
- Dependency vulnerabilities (please check upstream first)
- Adversarial attacks on generated images (model robustness)
- Denial of service via large inputs (resource limits are the user's responsibility)