Responsible security reporting for Avikal.
This page explains how to report suspected vulnerabilities in archive handling, cryptographic integration, credential flows, runtime packaging, file safety, or update behavior.
Responsible disclosure
Security reports should be specific, reproducible, and limited to the information needed to investigate the issue.
Relevant reports
Issues in archive parsing, extraction safety, credential handling, packaging, update behavior, or the runtime that could affect users.
Secret handling
Do not submit real passwords, recovery keyphrases, private archives, keyfiles, access tokens, or other live secrets.
Useful evidence
Include the affected version, platform, expected impact, and reproduction steps, plus sanitized logs or screenshots when they help explain the issue.
How to report
A useful report should let the maintainers understand the risk, reproduce the behavior, and determine whether users need a fix, a documentation update, or a release action.
Describe the suspected vulnerability and the affected Avikal version.
Provide minimal reproduction steps using non-sensitive sample data.
Explain the security impact and whether the issue is already public.
Avoid public disclosure until the report has been reviewed and a remediation path is available.
Submit after preparing details
Use the security channel only for vulnerability reports. For general usage questions, use support instead.