The CertVault team takes security bugs seriously. We appreciate your efforts to responsibly disclose findings and will acknowledge your contributions.
- Use the GitHub Security Advisory "Report a Vulnerability" form
- For vulnerabilities in third-party modules, contact the module maintainer, or use the npm security contact form (for npm libraries) or the Maven Security Advisory (for Maven libraries)
- Critical issues can also be reported via email to: lihaolin13@outlook.com
- Initial response within 24-48 hours
- Periodic updates during investigation/patching
- Coordinated public disclosure after patch release
- CVE assignment for confirmed vulnerabilities
For details on our security notification flow, see our Security WG Governance Docs.
- Java security guides: OWASP Java Security Cheatsheet
- Certificate management security: NIST SP 800-52
- JavaScript security: OWASP JavaScript Security Cheat Sheet
- Vue.js security: Vue Official Security Guide
- Vite build security: Vite Security Configuration
⚠️ Never disclose sensitive security details in public GitHub issues or discussions.