Please do not open a GitHub issue for security vulnerabilities.

Report security issues to: security@quantaseal.io

For highly sensitive findings, encrypt your report using our PGP key:
D866 301F 83C1 F7D4 CF4F 87F4 DA64 E1C9 BCB5 A2FE
Available at: https://quantaseal.io/.well-known/pgp-key.txt

Full vulnerability disclosure policy and bug bounty tiers (up to $500 AUD cash):
https://quantaseal.io/security/disclosure

PQC implementation issues (ML-KEM-768 / ML-DSA-65 weaknesses, algorithm downgrade, key material exposure) are our highest-severity bug category and receive the maximum bounty.