Security: hellowalt/aeo-radar

SECURITY.md

Security Policy

Supported versions

AEO Radar is in early development. Only the latest release on main receives security fixes.

Version   Supported
main      Yes
earlier   No

Reporting a vulnerability

Do not open a public GitHub issue for a security problem.

Report privately via GitHub's private vulnerability reporting:

  1. Go to the repository's Security tab.
  2. Click Report a vulnerability.
  3. Describe the issue, the affected version, a reproduction, and the expected impact.

You'll get an acknowledgement within 7 days. If the issue is confirmed, we'll coordinate a fix and a disclosure timeline with you (typically 30–90 days depending on severity).

In-scope

  • Code-execution / injection via crawler inputs, analysis prompts, or dashboard queries.
  • Credential or profile leakage (cookies, auth tokens, persistent browser profiles).
  • SQL injection / path traversal in any API route.
  • Dashboard XSS.
  • Supply-chain concerns in bundled dependencies.

Out of scope

  • Automated bot-detection countermeasures on third-party AI services (that's the whole point of the stealth plugin).
  • Account bans from ChatGPT / Gemini / other providers — see the Disclaimer.
  • Rate-limit handling beyond what's already in BaseCrawler.
  • Issues in third-party dependencies — please report those upstream first; we'll bump the version once there's a fix.

Hall of thanks

Reporters who follow this process will be credited in the release notes (optional, we'll ask first).