Important
Please test with the Flatpak or AppImage CI build before reporting a vulnerability. If the artifact is unavailable, run a manual build from source.
It's quite possible that the fix is already in the repository, among the changes made since the latest release.
Warning
Please don't report security vulnerabilities with full details in public GitHub issues.
If you believe you have found a security issue in Lenspect:
- Open a draft security advisory via GitHub Security Advisories, or
- Contact me by creating a blank issue that states it's a security-sensitive matter.
I'll acknowledge your report and work with you to understand and address it. Fixes are released in normal versioned releases; critical issues may be disclosed after a patch is available.
- In scope: the Lenspect codebase (this repository), including how it handles your VirusTotal API key and scan data.
- Out of scope: vulnerabilities in dependencies (see below) or in VirusTotal itself; these should be reported to those projects.
Lenspect relies on the following; security issues in them should be reported to the respective upstream projects:
| Dependency / service | Upstream |
|---|---|
| GNOME Platform | GNOME GitLab |
| GTK | GNOME GitLab |
| Libadwaita | GNOME GitLab |
| libsoup | GNOME GitLab |
| libsecret | GNOME GitLab |
| VirusTotal | Support / API docs |
Use of VirusTotal is subject to their Terms of Service and Privacy Notice.