Skip to content

Security: Alessandro624/oraculum

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
2.1.x Yes
2.0.x Yes
1.0.x No

Known Non-Vulnerabilities

The oracle may return incorrect answers. This is not a security vulnerability. It is the entire premise of the library.

The oracle may be confidently wrong. This is also not a security vulnerability. It is a known property of language models and also of several people we have met.

Reporting a Vulnerability

If you discover a genuine security vulnerability (for example: API key leakage, arbitrary code execution, or a dependency with a known CVE), please do not open a public issue.

Report it privately via GitHub's built-in vulnerability reporting: Security > Report a vulnerability on the repository page.

You can also reach the maintainers by email at the address listed in the GitHub profile. We will acknowledge the report within 72 hours and aim to publish a fix within 14 days depending on severity.

We do not currently offer a bug bounty. We can offer our sincere gratitude and a mention in the changelog, which is almost the same thing.

There aren't any published security advisories