If you identify a vulnerability in SegFlow CRM, do not publish exploitable details in a public issue.
- use GitHub private vulnerability reporting if it is available
- if it is not available, contact the project through GitHub without exposing sensitive data, full payloads, or secrets
- a concise description of the issue
- expected impact
- affected area: frontend, backend, authentication, database, or deployment
- steps to reproduce
- minimal evidence, such as logs or screenshots
This document covers vulnerabilities in the frontend, backend, published documentation, and versioned scripts in the repository.
For general support, usage questions, or suggestions, see SUPPORT.md.