| Version | Supported |
|---|---|
| 1.x | ✅ |

If you discover a security vulnerability in this MCP server, please report it responsibly:
- Do NOT open a public issue
- Email: security@ansvar.eu
- Include: description, reproduction steps, potential impact

We aim to acknowledge reports within 48 hours and provide a fix within 7 days for critical issues.

- Read-only: No write operations to the database
- No network calls: All data served from local SQLite
- No authentication: Public reference data only
- No secrets: No API keys or credentials required
- Input validation: All inputs sanitized before database queries
- SQL injection prevention: Parameterized queries throughout

Dependencies are monitored via GitHub Dependabot and updated regularly. Security scanning is enabled via GitHub Advanced Security (CodeQL + secret scanning).