If you believe you have found a security vulnerability in any repository owned by the Akazukin-Team that matches Akazukin-Team's definition of a security vulnerability, please follow the instructions below to report it to us.
We follow the definition of a vulnerability provided by the MITRE Corporation. The full text is as follows:
An instance of one or more weaknesses in a Product that can be exploited, causing a negative impact on confidentiality, integrity, or availability; A set of conditions or behaviors that allows the violation of an explicit or implicit security policy.
Here are some examples of what we consider vulnerabilities:
- SQL Injection
- Remote Code Execution (RCE)
- Weak Credentials
- IoT Vulnerabilities
- etc...
Only the latest releases, including alpha and beta versions, are currently supported with security updates.
Please do not report security vulnerabilities through public GitHub issues.
- Send a report with the information described below to the Akazukin-Team Security email: Akazukin.Team+Security@gmail.com.
- After sending the email, notify us by creating a GitHub issue stating that you have sent the email (without including any other details).
Your email report should include as much of the following information as possible to help us better understand the nature and scope of the issue:
- Product information (application name, version, commit hash if possible)
- Type of issue (e.g., SQL injection, overflow, cross-site scripting, RCE, etc.)
- Full paths of the source file(s) related to the issue
- Location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if available)
- Potential impact and how an attacker might exploit the issue
Providing this information will help us address the vulnerability more quickly.
If you are a Japanese speaker, we prefer reports to be written in Japanese. Otherwise, please submit your report in English.