| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability in whoosh, please report it through GitHub Security Advisories.
Please do not open a public issue for security vulnerabilities.
- OAuth token or credential leakage
- Unauthorized access to stored health data
- SQL injection or other injection attacks
- Insecure storage of sensitive data
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment within 48 hours
- Status update within 7 days
- Fix or mitigation plan within 30 days for confirmed vulnerabilities