| Version | Supported |
|---|---|
| 1.0.x | ✅ |

If you discover a security vulnerability, please report it responsibly:

- Do NOT open a public GitHub issue for security vulnerabilities
- Email security concerns to the maintainers directly
- Provide detailed information about the vulnerability
- Allow reasonable time for a fix before public disclosure

Security considerations when using FlashVLM:

- FlashVLM loads model weights from disk or HuggingFace Hub. Only load models from trusted sources.
- When using the CLI or API server, ensure proper access controls are in place.
- Model outputs should not be treated as ground truth for safety-critical applications.

Recommended practices:

- Keep dependencies updated to their latest secure versions
- Use virtual environments to isolate dependencies
- Review model sources before loading untrusted weights
- Implement rate limiting when deploying as a service