| Version | Supported |
|---|---|
| 1.x | Yes |
| < 1.0 | No |
If you discover a security vulnerability in CAIMS, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, send an email to: security@pixels-trade.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt within 48 hours and provide a detailed response within 5 business days.
The following are in scope:
- API endpoints (`/api/*`)
- Authentication and authorization logic
- Input validation and sanitization
- Database query injection
- Rate limiting bypass
- Prompt injection in scoring engine
We follow coordinated disclosure. We ask that you:
- Allow us reasonable time to fix the issue before public disclosure
- Do not access or modify other users' data
- Do not perform denial-of-service attacks
We maintain a security acknowledgments section for responsible disclosures (with your permission).