If you discover a security vulnerability in Cerid AI, please report it responsibly.
Email: security@cerid.ai
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (optional)
- Acknowledgment: within 48 hours
- Initial assessment: within 5 business days
- Fix or mitigation: as soon as practical, typically within 30 days
This policy applies to the code in this repository. Third-party dependencies are monitored via Dependabot and CI security scanning (bandit, pip-audit, Trivy, npm audit).
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | Best effort |
We follow coordinated disclosure. Please do not open public issues for security vulnerabilities.