To report a security vulnerability in any 21.dev project, please use GitHub Security Advisories:
- Navigate to the affected repository.
- Open the Security tab and click Report a vulnerability.
Do not file a public issue.
When reporting, please include:
- A description of the vulnerability
- Affected project(s) and version(s)
- Steps to reproduce or a proof of concept
- Potential impact assessment
We will acknowledge receipt within 7 days and provide an initial assessment as soon as possible.
Individual 21.dev projects may publish their own SECURITY.md with supported versions, upstream dependencies, and threat-model notes. When present, the project-specific policy takes precedence.
We follow coordinated disclosure practices. Please allow reasonable time for investigation and remediation before public disclosure.