If you find a security vulnerability, please do not open a public issue.
Email security@florexlabs.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact

We will respond within 48 hours.

- URL injection or SSRF in the crawler
- Command injection via user input
- Sensitive data exposure in embeddings or logs
- Dependency vulnerabilities
- Crawler is restricted to same-origin by default
- No shell execution from user-controlled input
- Local embeddings stay on your machine
- URLs are sanitized and normalized