Thanks for helping keep git-tweet secure.
Security fixes are applied to the latest version on the main branch.
Older tags/releases may not receive backported fixes.
Please do not open public issues for security-sensitive reports.
Use GitHub’s private reporting flow instead:
- Go to the repository’s Security tab
- Click Report a vulnerability (GitHub Security Advisories)
If that option is not available, you can contact the maintainer privately:
- Email: abv-creative@proton.me
When reporting, please include:
- Clear description of the vulnerability and potential impact
- Steps to reproduce (PoC if available)
- Affected endpoints/files (e.g., OAuth callbacks, webhook ingestion)
- Any suggested fix or mitigation
Please do not include secrets: OAuth tokens, client secrets, webhook secrets, or personal data.
In-scope examples:
- OAuth flow issues (state/PKCE handling, token leakage)
- Webhook verification bypasses
- Authentication/authorization flaws
- Unsafe logging of secrets
- Vulnerabilities that could cause unauthorized posting or data exposure
Out of scope examples:
- Social engineering
- Physical access attacks
- Denial-of-service from unrealistic traffic volumes
After receiving a report, we aim to:
- Acknowledge receipt
- Investigate and validate the issue
- Patch and publish a fix on main
- Provide credit (optional) if you want it