| Version | Supported |
|---|---|
| latest | ✅ |
If you discover a security vulnerability in WireGUI, please report it responsibly through GitHub's private vulnerability reporting:
- Go to the Security Advisories page
- Click "Report a vulnerability"
- Fill in the details of the vulnerability
Please do not open a public issue for security vulnerabilities.
- You will receive an acknowledgment within 48 hours
- We will provide a timeline for a fix within 7 days
- Security patches will be released as soon as possible
The following are in scope for security reports:
- Authentication and authorization bypasses
- SQL injection, XSS, CSRF, or other injection vulnerabilities
- WireGuard configuration issues that could expose private keys
- API token or session handling flaws
- Privilege escalation between user roles
- Denial of service (DoS) attacks
- Issues in third-party dependencies (report these upstream)
- Social engineering attacks