Do not open a public GitHub issue for security vulnerabilities.

Report using GitHub Security Advisories (Security tab > Report a vulnerability). You will receive acknowledgement within 72 hours. We target a patch within 30 days for critical issues, 90 days for others. We follow coordinated disclosure, we will notify you before public disclosure.

In scope: bypass of detection logic, privilege escalation via the CLI, dependency vulnerabilities, unsafe handling of pcap input.

Out of scope: theoretical attacks with no practical path, issues in lab/ scenarios (test code only).

Security fixes are applied to the latest released minor version.