Report a Vulnerability

Report suspected vulnerabilities privately. Do not open public issues for credential exposure, policy bypass, unsafe execution, exploitable operational failures, or other security defects.

| Channel | Use for |
| --- | --- |
| GitHub private advisory | Open-source Caracal vulnerabilities: https://github.com/Garudex-Labs/caracal/security/advisories/new |
| Email | Sensitive reports, attachments, patches, exploit demonstrations, or enterprise-related reports: support@garudexlabs.com |

Enterprise-related vulnerabilities must be reported by email, not GitHub advisories.

Subject: [SECURITY][caracal] Short description
1. Summary
2. Steps to reproduce
3. Impact
4. Affected area
5. Suggested fix
6. Attachments

Keep reports clear, reproducible, and private. Do not include secrets in public channels or public pull requests.

The maintainers aim to review and respond within 7 days. Resolution timing depends on complexity and validation needs. Public disclosure should wait until a fix or mitigation is available, or until the maintainers decide not to address the issue.