Skip to content

Security: SyedAnas01/mcp-safeguard

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.3.x
0.2.x
0.1.x

Reporting a Vulnerability

If you discover a security vulnerability in mcp-safeguard itself, please report it via:

  1. GitHub Security Advisories (preferred): Go to Security → Advisories → New advisory
  2. Email: anasmohiuddinsyed@gmail.com

Please do not open a public GitHub issue for security vulnerabilities.

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested remediation (if any)

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial assessment: Within 7 days
  • Fix or mitigation: Within 90 days

Responsible Disclosure

We follow coordinated vulnerability disclosure. We will:

  • Acknowledge your report promptly
  • Work with you to understand the issue
  • Patch and release fixes
  • Credit you in the changelog (unless you prefer anonymity)

CVE Assignments

For significant vulnerabilities we discover in third-party MCP servers, we file CVEs through MITRE following 90-day coordinated disclosure. Past disclosures are documented in the changelog.

There aren't any published security advisories