SecurityResponsible disclosure
Responsible disclosure
and safe harbor.
Security matters to Levython. This page defines how researchers can report vulnerabilities safely and professionally.
Policy
Report security issues responsibly.
Security contact
info@levython.in
Accepted vulnerabilities
Authentication bugs, access control issues, XSS, SQL injection, exposed secrets, and serious configuration risks.
Out of scope
Social engineering, spam, physical attacks, DDoS, automated noisy scans, and issues without clear security impact.
Safe harbor
Good-faith research that avoids data damage, privacy violations, and service disruption will be handled constructively.
PGP key
PGP key will be added later for encrypted security reports.