If you discover a security vulnerability in any Aathoos project, please do not open a public issue.
Instead, report it privately by:
- Going to the affected repository on GitHub
- Clicking Security → Report a vulnerability (GitHub's private advisory feature)
Or reach out to the maintainers directly through the contact information listed in the repository's README.
Please provide as much detail as possible:
- A description of the vulnerability
- Steps to reproduce or a proof of concept
- The potential impact
- Any suggested fix (optional)
We take security reports seriously. You can expect:
- An acknowledgment within 72 hours
- A status update within 7 days
- A fix or mitigation plan communicated before any public disclosure
We follow responsible disclosure — please give us reasonable time to address the issue before making it public.
Each repository maintains its own supported version policy. Check the individual repo's README or releases page for details.