Security fixes are applied to the latest released version of SPAD Detector.

Please report security-sensitive issues privately through GitHub's Report a vulnerability feature on the repository Security page when it is available. If private reporting is unavailable, open a public issue requesting a private contact channel without including vulnerability details.

Do not post vulnerability details, credentials, tokens, private datasets, or personal information in a public issue.

Useful reports include:

• dependency or packaging vulnerabilities;
• unsafe handling of local files or exported artifacts;
• Electron desktop-shell security issues;
• FastAPI exposure or configuration issues;
• accidental disclosure of sensitive information.

This project is a research simulator. Reports about physical-model accuracy, parameter assumptions, or reproducibility belong in the public issue tracker unless they also create a security risk.