| Version | Supported |
|---|---|
| latest | ✅ |
If you discover a security vulnerability in Scrape Dojo, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please use one of the following methods:
- GitHub Security Advisories (preferred): Report a vulnerability
- Email: Contact the maintainer directly via GitHub profile
Please include the following in your report:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if any)
What to expect after reporting:
- Acknowledgment within 48 hours
- Status update within 7 days
- Fix timeline depends on severity:
  - Critical: Patch within 48 hours
  - High: Patch within 7 days
  - Medium/Low: Patch in next release
The following are in scope:
- Authentication bypass (JWT, OIDC, API keys)
- Secret/credential exposure
- Remote code execution
- SQL injection
- Cross-site scripting (XSS) in the UI
- Server-side request forgery (SSRF)
- Privilege escalation
- Vulnerabilities in dependencies (please report upstream)
The following are out of scope:
- Issues requiring physical access
- Social engineering attacks
- Denial of service (DoS) attacks
Security best practices for deployment:
- Always set a strong `SCRAPE_DOJO_ENCRYPTION_KEY` and `SCRAPE_DOJO_AUTH_JWT_SECRET`
- Never expose the application to the public internet without authentication enabled
- Keep your Docker images up to date
- Use HTTPS when deploying in production