If you find a security vulnerability in Breach Guard, please report it responsibly:
- Do not open a public GitHub issue
- Open a private security advisory on this repository
- Include steps to reproduce and potential impact
You will receive a response within 48 hours.
The following are in scope:
- The web application at breach-guard-theta.vercel.app
- The source code in this repository
- API endpoints under /api/
- Third-party services (XposedOrNot, HIBP) — report to those providers directly
- Social engineering
- Denial of service attacks
See the Security Architecture section in the README for details on how the application is designed to protect user data.