| Version | Supported |
|---|---|
| 1.x.x | ✅ |

We take security seriously at CERT-X-GEN. If you discover a security vulnerability, please report it responsibly.

Please DO NOT file a public GitHub issue for security vulnerabilities.

Instead, please report security vulnerabilities by emailing: security@bugb.io

Please include the following in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes (if available)
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Assessment: We will investigate and validate the vulnerability within 7 days
- Updates: We will keep you informed of our progress
- Resolution: We aim to release a fix within 30 days for critical issues
- Credit: With your permission, we will credit you in our release notes

We consider security research conducted in accordance with this policy to be:
- Authorized concerning any applicable anti-hacking laws
- Exempt from DMCA restrictions
- Conducted in good faith

We will not pursue legal action against researchers who:
- Follow this policy
- Make good faith efforts to avoid privacy violations and data destruction
- Avoid disruption of our services
- Give us reasonable time to address issues before public disclosure

When using CERT-X-GEN:
- Template Sources: Only use templates from trusted sources
- Sandboxing: Enable sandbox mode when running untrusted templates
- API Keys: Store API keys in environment variables, not in config files
- Network: Use proxies when scanning sensitive targets
- Updates: Keep CERT-X-GEN and templates updated

CERT-X-GEN executes code from templates in multiple languages. Please:
- Review templates before execution
- Use `--safemode` for production systems
- Validate template signatures when available
- Report malicious templates immediately

For general security questions (non-vulnerabilities):
- Open a GitHub Discussion
- Tag your post with `security`

For vulnerability reports:
- Email: security@bugb.io

Thank you for helping keep CERT-X-GEN and its users safe!