If you believe you’ve found a security vulnerability in EchoHub (for example: auth bypass, token leakage, file upload validation bypass, RCE, etc.), please do not open a public GitHub issue.
Preferred: use GitHub’s private vulnerability reporting ("Report a vulnerability"):
If that link is unavailable for your account, contact the maintainer via GitHub:
- A clear description of the issue and potential impact
- Reproduction steps or a proof-of-concept
- Affected versions / commit SHA
- Any relevant logs (with secrets removed)
I’ll acknowledge receipt, investigate, and work on a fix. Please avoid publicly disclosing details until a fix is available.