If you discover a security vulnerability in FlowyML Notebook, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email us at:

📧 security@unicolab.ai

Include the following details:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment within 48 hours.
• Assessment within 5 business days.
• Fix & Disclosure coordinated with the reporter.

We follow responsible disclosure principles and will credit reporters (with consent) in the CHANGELOG.

The following are in scope:

• The flowyml-notebook Python package
• The bundled React frontend
• The FastAPI server endpoints
• The CLI tools

The following are out of scope:

• Third-party dependencies (report upstream)
• The FlowyML core SDK (report to flowyml)