Please do not report security vulnerabilities in public GitHub issues.

Use one of these channels:

1. GitHub private vulnerability reporting — Report a vulnerability on the repository Security tab (if enabled).
2. Email — contact the maintainer via the email associated with the GitHub account @Jorg3L3on.

Include:

• Description of the issue and impact
• Steps to reproduce
• Affected version or commit SHA

We aim to acknowledge reports within a few business days and will coordinate on disclosure timing.

In scope: authentication bypass, cross-tenant data access, injection, unsafe file upload, and similar issues in this repository’s application code.

Out of scope: social engineering, denial of service against deployments you do not operate, and vulnerabilities in third-party services (Vercel, Neon) unless introduced by this project’s configuration documented here.