We take the security of the Parai Web project seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

If you believe you have found a security vulnerability in the Parai Web project, please do not report it via public GitHub issues.

Instead, please report it privately using GitHub’s security advisory feature:
👉 Report a vulnerability

Please include the following details with your report:

• A clear description of the vulnerability.
• Steps to reproduce the vulnerability.
• The specific URL or area of the website affected, if applicable.
• Any potential impact of the vulnerability.
• Your name and contact information (optional, for acknowledgment).

• We will acknowledge receipt of your vulnerability report within 48 hours.
• We will investigate the reported vulnerability and work to validate it.
• We will keep you informed of our progress.
• We will publicly acknowledge your responsible disclosure (unless you prefer to remain anonymous) once the vulnerability has been remediated.

We ask that you do not publicly disclose the vulnerability until we have had a reasonable amount of time to address it.

Thank you for helping keep the Parai Web project secure.