If you believe you have found a security vulnerability in this repository, please report it privately so we can address it before public disclosure.
Preferred channel: GitHub Private Vulnerability Reporting
Email fallback: security@evolution-api.com
Please include:
- A description of the issue and its potential impact
- Steps to reproduce (proof of concept if possible)
- Affected versions, commits, or files
- Your assessment of severity
We aim to acknowledge new reports within 2 business days and to provide an initial remediation plan within 7 business days for high or critical severity issues.
In scope:
- This repository (
evo-ai-processor-community) and its published artifacts - Credentials or secrets committed to the repository or its history
- Authentication, authorization, and data-handling defects
Out of scope:
- Third-party services integrated via documented APIs (report to the respective vendor)
- Issues that require physical access or social engineering of our team
We will not pursue legal action against researchers who:
- Make a good-faith effort to avoid privacy violations, data destruction, or service disruption
- Report the issue privately using the channels above before any public disclosure
- Give us a reasonable window to remediate before disclosure
Thank you for helping keep Evolution API and its users safe.