If you find a security issue in Vibe, please report it responsibly.
We take security reports seriously and will do my best to review and address valid issues.

The preferred way to report a vulnerability is via GitHub’s Security Advisory – “Report a Vulnerability” feature.

• Please do NOT open a public GitHub issue for security-related reports.
• Include as much detail as possible so I can understand and reproduce the issue.

If you can’t use GitHub Security Advisories, you can also reach out to me directly via Vibe’s Discord channel (linked on the Vibe website) and send me a DM.
Please use this channel only for security-related matters.

After the initial report, I’ll reply with next steps and may ask for more details if needed.

Security fixes are provided only for the latest released version of Vibe.

If the issue is in a third-party dependency, it’s usually best to report it directly to the maintainers of that project as well.

Thanks for helping keep Vibe secure.