| Version | Supported |
|---|---|
| 0.1.x | ✅ Active |
Do not open a public GitHub issue for security vulnerabilities.
Report via GitHub Security Advisory or contact the maintainers directly.
Include:
- Description of the vulnerability
- Steps to reproduce
- Affected SDK method(s)
- Potential impact
We will acknowledge within 48 hours and aim to release a fix within 7 days.
- Private key or secret key exposure
- Transaction signing vulnerabilities
- Incorrect amount parsing (
parseAmount/formatAmount) - Auth entry manipulation in x402 or wallet flows
- Stellar network-level issues
- Third-party wallet vulnerabilities
We follow coordinated disclosure. Please give us reasonable time to patch before public disclosure.