| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| 0.2.x | ❌ |
| 0.1.x | ❌ |
If you discover a security vulnerability in mcp-safeguard itself, please report it via:
- GitHub Security Advisories (preferred): Go to Security → Advisories → New advisory
- Email: anasmohiuddinsyed@gmail.com
Please do not open a public GitHub issue for security vulnerabilities.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested remediation (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Fix or mitigation: Within 90 days
We follow coordinated vulnerability disclosure. We will:
- Acknowledge your report promptly
- Work with you to understand the issue
- Patch and release fixes
- Credit you in the changelog (unless you prefer anonymity)
For significant vulnerabilities we discover in third-party MCP servers, we file CVEs through MITRE following 90-day coordinated disclosure. Past disclosures are documented in the changelog.