Please do not report security vulnerabilities through public GitHub issues.
MedCheck handles sensitive medical data queries and integrates with external APIs. We take security seriously and appreciate responsible disclosure.
Use GitHub's private vulnerability reporting to submit a vulnerability report confidentially.
Alternatively, contact the maintainers directly via the email listed on the GitHub profile.
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact, especially any risk to medical data confidentiality or integrity
- Suggested remediation if known
- 48 hours: Acknowledgment of the report
- 7 days: Initial assessment and severity classification
- 90 days: Target for patch release (critical issues prioritized)
You will be kept informed throughout the process.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
MedCheck processes medical and health-related queries. Any vulnerability that could expose, alter, or misroute sensitive medical data is treated as critical severity. Please flag such issues explicitly in your report.
- External LLM transmission is opt-in. The
vision_analysisstep sends imaging slices and clinical context to a cloud LLM provider (Claude / GPT / Gemini) only after explicit consent: pass--allow-cloud-llmtomedcheck analyze, setMEDCHECK_ALLOW_EXTERNAL_LLM=1, or confirm the prompt in interactive mode. Without consent the step raises an error instead of transmitting data. Use the offlinelocalprovider to avoid transmission entirely (see #18). - Logs are pseudonymised. Patient names and study descriptions are never written to stdout/logs; a short hash-derived pseudonymous identifier of the patient ID is logged instead. Note this is pseudonymisation, not full anonymisation — hashed identifiers in low-entropy ID spaces may still be re-identifiable.
- Credentials are kept out of error messages. Portal access codes are not echoed into exceptions or logs.
- Network exposure is opt-in. The web server binds to
127.0.0.1by default. When exposing it on the network, setMEDCHECK_API_KEYso/apiendpoints require anX-API-Keyheader. - Rate limiting behind a reverse proxy. The built-in limiter keys on the
client socket IP; behind a proxy all clients would share the proxy's IP and
one bucket. Set
MEDCHECK_TRUST_PROXY_HEADERS=1only when a trusted proxy fronts the server, so the firstX-Forwarded-Forhop is used instead (client-spoofable without a proxy). In proxied deployments, treat the proxy's own rate limiting as the primary control and the app limiter as a backstop — the in-process limiter is per-worker and not shared state. - Generated reports contain PHI by default. Reports (JSON/PDF/HTML) embed
patient name, ID and birth date from the DICOM metadata unless
--deidentifyis passed, which replaces them with a stable pseudonym. Report files are written with owner-only permissions (0600), but the output directory must still be treated as PHI: do not commit it, upload it to CI artifacts, or share it without de-identification. - No silent LLM provider substitution. If the requested LLM provider is
unavailable, MedCheck falls back only to the on-device
localprovider (or fails) — it never reroutes patient data to a different cloud provider.
In scope:
- Source code in this repository
- Default configuration and integrations
- Data handling and LLM provider integrations
Out of scope:
- Third-party data provider infrastructure
- LLM provider APIs (OpenAI, Anthropic, etc.) — report those to the respective vendors