We take security seriously. If you discover a vulnerability in any Amulya Labs project, please report it using GitHub's private vulnerability reporting feature (GHSA).

Do not open a public issue or send emails for security vulnerabilities.

We commit to:

• Acknowledgment: Within 5 business days
• Timeline: 90-day coordinated disclosure window before public acknowledgment
• Communication: GitHub Security Advisory (GHSA) only—no email addresses

This approach protects users while giving us time to develop and release patches responsibly.

Subscribe to security advisories on any Amulya Labs repository to receive notifications of published CVEs and patches.