We appreciate and encourage reports of any security vulnerabilities in Vidar.
If you discover a vulnerability, please do not report it through public GitHub issues, discussions, or pull requests. Instead, follow the steps below to report it privately and securely.
Click here to report a vulnerability. Alternatively, send the report to drsoliddevil+vidarsecurity@gmail.com.
The more information you can provide, the faster and more effectively we can address the issue. Ideally, your report should include:
- Type of vulnerability (e.g., buffer overflow, code injection, memory leak)
- Location of the affected code (e.g., branch, commit hash, file path, URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept (PoC) or exploit code (if available)
- Impact assessment, including how an attacker might exploit the issue
We will acknowledge receipt of your report and keep you informed of our progress. At the very least, we will notify you once a fix has been released.
If you wish, we will credit you in the release notes for the patch. Let us know in your report whether you'd like to be acknowledged or remain anonymous.