| Version | Supported |
|---|---|
| Latest (main) | ✅ |
| Older releases | ❌ |
Please do NOT open a public GitHub issue for security vulnerabilities.
To report a security issue privately:
- Email: security@osintintelligence.xyz
- Subject line:
[SECURITY] CanaryNet - <brief description> - Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (optional)
We aim to respond within 48 hours and will work with you to understand and resolve the issue promptly.
The following are in scope:
- Authentication bypass
- Remote code execution
- SQL injection
- Sensitive data exposure
- Privilege escalation in the dashboard API
The following are out of scope:
- Denial of service attacks
- Issues requiring physical access to the server
- Social engineering
We follow responsible disclosure. Once a fix is released, we will credit the reporter (with their permission) in the release notes.
Thank you for helping keep CanaryNet and its users safe.