If you discover a security vulnerability in whisperX-FastAPI, please report it as soon as possible to help keep the community safe.

• Do not open public issues for security vulnerabilities.
• Instead, please email the project maintainers at the contact address listed in the repository or use the GitHub security advisory feature.
• Provide as much detail as possible to help us quickly understand and address the issue.

We will investigate all reports and do our best to fix valid issues promptly. Once the vulnerability is resolved, we will coordinate disclosure with the reporter and acknowledge their contribution if desired.

We support only the latest stable release from the main branch (latest v* tag). Please ensure you are using the most recent tagged version before reporting a vulnerability.

• Always keep your dependencies up to date.
• Use strong, unique credentials for all services.

The transcription and diarization stack pulls in deep transitive machine-learning dependencies (whisperx → pyannote-audio, transformers). Two Dependabot advisories currently have no safe remediation and have been assessed and accepted as non-exploitable in this service's usage:

These advisories are re-evaluated whenever Renovate opens a security update PR, and will be upgraded as soon as a compatible, stable patched release is available.

Thank you for helping keep whisperX-FastAPI and its users secure!