Skip to content

Security: node-opcua/node-i3x

Security

SECURITY.md

Security Policy

We take the security of Node-i3x very seriously. If you believe you have found a security vulnerability, please do NOT file a public GitHub issue, and do NOT post details publicly.

Please report all security vulnerabilities using GitHub's Private Vulnerability Reporting mechanism. This ensures that the vulnerability is kept confidential until a patch is released and our members have been pre-notified and protected.


🔒 How to Report a Security Vulnerability Privately

  1. Go to the node-opcua/node-i3x repository on GitHub.
  2. Click on the Security tab under the repository name.
  3. In the left-hand sidebar, click on Advisories.
  4. Click on the Report a vulnerability button.
  5. Fill out the form with details, steps to reproduce, and any proof-of-concept code.
  6. Click Submit report.

Our security team will review your report immediately and coordinate a private fix and a security advisory release.


📧 Alternative Reporting

If you are unable to use GitHub's private advisory form for any reason, please email us directly and securely at security@sterfive.com.


🛡️ Early CVE Access & Remediation

Subscribers to the Node-OPCUA Membership Program receive advanced access to security vulnerability disclosures (CVEs) and pre-remediation patches before public announcement.

There aren't any published security advisories