Qryvanta is under active development. Security fixes are applied to the main branch first.

Please do not open public GitHub issues for potential security vulnerabilities.

Instead, report privately to:

• security@qryvanta.org

Please include:

• A clear description of the issue and impacted area.
• Steps to reproduce (proof of concept if possible).
• Potential impact.
• Suggested mitigation, if known.

You can expect an acknowledgment within 3 business days.

After validation, maintainers will:

1. Triage severity and impacted components.
2. Prepare and test a fix.
3. Coordinate disclosure and release notes.

We ask for responsible disclosure and reasonable time to remediate before public disclosure.