Do not open a public issue for security problems.
Use GitHub private vulnerability reporting (Security → Report a vulnerability) on the affected repo, or email security@cogitave.com.
Please include: affected component/version, impact, and reproduction steps.
- Acknowledgement within 2 business days.
- Triage + severity (CVSS) and remediation plan; coordinated disclosure.
- We credit reporters unless anonymity is requested.
Security fixes target the latest released minor of each product. See each repo's SECURITY.md for product-specific scope.