
🚨 Vulnerability Reporting

Security is a team effort! If you discover a security vulnerability in Siyarix, please report it to me privately so I can patch it. I appreciate your help in keeping this project safe!

Danger

Please don't open public GitHub issues for security vulnerabilities. Publicly disclosing a flaw before a patch is ready puts users at risk.

📩 How to Report an Issue

🥇 Preferred Method: GitHub Security Advisories

This is the easiest way to reach me:

  1. Navigate to the GitHub Security Advisories Page.
  2. Click the "New advisory" button.
  3. Provide a clear description and reproduction steps.

🥈 Alternative Method: Email

If you prefer, you can email me directly (contact details are in SECURITY.md).

📝 What to Include in Your Report

To help me fix the issue quickly, please include:

  • Affected Version: The Siyarix version number (e.g., v1.0.0) or specific commit.
  • Vulnerability Type: (e.g., Prompt Injection, Data Leak).
  • Steps to Reproduce: Clear instructions.
  • Impact: What could an attacker do?
  • Suggested Fix: (Optional, but highly appreciated!)

⏱️ Response Timeline

Since this is a personal project, I'll do my best to review and fix things as quickly as possible, usually within a few days.

🎯 Scope of the Program

✅ In Scope (Please Report These!)

  • The core Siyarix Python package (src/siyarix/).
  • Local configuration and credential storage flaws.
  • Permission Gate bypasses.
  • Failures in the DLP engine.

❌ Out of Scope

  • Vulnerabilities in third-party tools invoked by Siyarix (e.g., bugs in nmap). Please report those to their maintainers.
  • Issues with the AI Provider's cloud infrastructure (e.g., OpenAI or Google being down).
  • Bugs in features explicitly marked as "stubs" or "under development."

🤝 Coordinated Disclosure Policy

  1. Submit the vulnerability privately.
  2. I'll assess the flaw and work on a patch.
  3. I'll release the fix and credit you!
  4. Only after the fix is publicly available should you publish a blog post.

🏆 Recognition

Contributors who help find security issues will be permanently credited in the official SECURITY.md file!