| Version | Supported |
|---|---|
| 0.1.x | ✅ Active |
Do not open a public GitHub issue for security vulnerabilities.
Report via GitHub Security Advisory or contact the maintainers directly.
Include:
- Description of the vulnerability
- Affected page or component
- Steps to reproduce
- Potential impact
We will acknowledge within 48 hours and aim to release a fix within 7 days.
- Wallet connection or signing vulnerabilities
- x402 payment flow exploits (replay, invoice binding bypass)
- XSS or injection vulnerabilities in invoice data rendering
- Environment variable exposure
- Stellar network-level issues
- Third-party wallet vulnerabilities (Freighter, etc.)
- UI/UX bugs with no security impact
We follow coordinated disclosure. Please give us reasonable time to patch before public disclosure.