Please do not open a public GitHub issue to report a security vulnerability.

Instead, send a private report to the maintainers via one of these channels:

• GitHub private vulnerability reporting — click Security → Report a vulnerability on this repository (preferred).
• Email — send details to the email address listed in the repository profile. Encrypt your message with our PGP key if the details are sensitive.

• A clear description of the vulnerability and its potential impact.
• Steps to reproduce or a minimal proof-of-concept.
• The version(s) affected.
• Any suggested mitigations, if known.

• Acknowledgement of your report within 3 business days.
• A status update within 7 business days confirming whether we have accepted or declined the report.
• A coordinated public disclosure after a fix is released, crediting you unless you prefer to remain anonymous.

Thank you for helping keep KidWallet safe.