Do NOT open a public GitHub issue for security vulnerabilities.
Report privately with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
We respond within 48 hours.
| Version | Supported |
|---|---|
| 0.1.x | ✅ Yes |
- Stellar signature verification logic (
src/auth/auth.service.ts) - JWT token handling
- API authentication guards
- Prisma database queries (SQL injection prevention)
- Soroban RPC interaction (
src/stellar/stellar.service.ts)
- Third-party dependency vulnerabilities
- Issues requiring physical access