Please report vulnerabilities privately to security@nuguard.ai. Do not open public issues for unpatched vulnerabilities.

Include:

• A clear description of the issue
• Affected versions or commit range
• Reproduction steps or proof of concept
• Potential impact

The security process covers:

• Parser and extractor behavior
• CLI input handling
• Dependency and supply-chain risks
• Credential handling in integrations and config

• Initial response: within 2 business days
• Triage decision: within 5 business days
• Remediation timeline: based on severity and exploitability

Please allow time for triage and a fix before public disclosure. When a fix is released, maintainers may publish an advisory and attribution.