Security

Found a vulnerability? Please report it privately using the form below. Do not open a public issue.

Scope

atrak.dev: website bugs, auth issues, or unsafe content flows.
Project repos: vulnerabilities in our public code and releases.
Out of scope: social engineering, denial-of-service, or attacks on third-party services.

Responsible Disclosure

Please give us time to investigate and fix before sharing publicly.
Only test on systems you own or have permission to test.
Don’t access or modify other people’s data.

What to Include

Where it happens (repo/page URL, component, version).
Clear steps to reproduce.
Impact (what can an attacker do?).
Any proof-of-concept notes (no real secrets).

Privacy Note

This form can be anonymous. If you want follow-up, optionally include a contact email. Please do not include passwords, tokens, or private user data in the report.

Severity

Affected project

Relevant link (optional) Report details

0/2400

Contact email (optional)

Leave contact email blank to stay anonymous.