Please do not open a public GitHub issue for security vulnerabilities.

Report them privately by visiting chanunkha.com and using the contact form. Include as much detail as possible: steps to reproduce, impact, and any suggested fix.

You will receive a response within 72 hours. Once the vulnerability is confirmed and a fix is prepared, a security advisory will be published and credit given to the reporter (unless anonymity is preferred).

Axiom is a local desktop application with no network services, remote code execution surface, or user authentication. The primary security concern is safe handling of user-supplied mathematical expressions evaluated locally.