Please do not disclose sensitive vulnerabilities in public issues.
If you find a security issue in PrivyLoop, contact the maintainer privately through the contact information listed on the maintainer's GitHub profile.
Include:
- a short description
- affected area or package
- steps to reproduce
- potential impact

Relevant reports include:
- auth/session handling issues
- insecure secrets handling
- unsafe scraping or extension permissions behavior
- exposure of sensitive user privacy data
- vulnerabilities in API routes with a realistic exploit path

Out of scope:
- theoretical issues without a plausible exploit path
- stale planning docs
- third-party platform bugs outside this repository