Responsible vulnerability disclosure, security advisories, and research from the Lexiphanic team.
This website is the public home for Lexiphanic Security disclosures and advisories. It is built with 11ty (Eleventy) using the LibDoc theme.
Disclosure data is intentionally stored in a separate private repository and consumed at build time. This allows:
- This repository to remain fully public and open for community contributions
- Sensitive vulnerability details to stay hidden until responsible disclosure timelines are met
- A clean separation between site infrastructure and advisory content

@lexiphanic/security-website (this repo)   <-- public
└── @lexiphanic/disclosures                <-- private package (disclosure data)

- Bun v1.3+ (other JavaScript runtimes work properly too)
- Either:
  - Access to the private @lexiphanic/disclosures package (internal team only)
  - Use dummy data, just populate the disclosures directory.
git clone https://github.com/Lexiphanic/security-blog.git
cd security-blog
bun install
bun run dev
bun run build

We follow a responsible disclosure process. Vulnerabilities are kept private until:
- The vendor has been notified
- A fix has been released or the disclosure window has elapsed
- The advisory is published publicly on this site
If you have a vulnerability to report, please contact us.
Contributions to the site structure, theme, and tooling are welcome. Please open an issue or pull request. Note that advisory content is managed separately and not accepted via this repository.