If you discover a security vulnerability in Sniff, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, email boudjemaa.adam@gmail.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

You will receive a response within 48 hours. We will work with you to understand and address the issue before any public disclosure.

Sniff runs locally on your machine. Security concerns include:
- Path traversal in CLI arguments or config
- Code injection via malformed config files
- Unsafe browser operations in the exploration module
- Dependency vulnerabilities in the supply chain

| Version | Supported |
|---|---|
| 0.6.x | Yes |
| <0.6 | No |