If you discover a security vulnerability in any CUVETSMO project (cuvetsmo.com, VetMock, Hanong, etc.), please report it privately.
Preferred (fast response):
- Email: security@cuvetsmo.com
- GitHub Security Advisory (private): use the "Report a vulnerability" tab on the affected repo
- Instagram DM: @cuvetsmo (less formal, useful for "you might want to look at this")
- Affected URL / endpoint / repo
- Steps to reproduce
- Impact (confidentiality / integrity / availability)
- Your name + how you'd like credit (optional)
In scope: cuvetsmo.com · webcuvetsmo project · subdomains under cuvetsmo.com · CUVETSMO Supabase project · cuvetsmo/* GitHub org.
Out of scope: third-party services (Supabase platform, Vercel, Cloudflare — report to them directly), social engineering, physical security, denial of service.
- Acknowledge within 48 hours
- Initial assessment within 7 days
- Credit you publicly (with permission) when fixed
- We are an unfunded student council — no bug bounty cash, but we move fast
We accept reports in Thai or English.
Canonical security.txt: cuvetsmo.com/.well-known/security.txt