Do not open a public GitHub issue for security vulnerabilities.

Please report security issues by emailing [email protected] (or open a GitHub Security Advisory).

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will acknowledge receipt within 48 hours and aim to release a fix within 14 days for critical issues.

• Smart contracts (apps/contracts/)
• API routes (apps/web/src/app/api/)
• Authentication and key management

• Stellar network-level issues (report to Stellar Development Foundation)
• Third-party dependencies (report upstream)