Do not open a public GitHub issue for security vulnerabilities.
Report security issues via GitHub Security Advisories or email security@opennous.cloud.
We will acknowledge your report within 72 hours and aim to ship a fix within 14 days for critical issues.
In scope: API authentication, memory data access controls, webhook HMAC validation, SQL injection, XSS, privilege escalation.
Out of scope: issues in third-party dependencies (report those upstream), rate limiting on self-hosted installs, social engineering.