# Security Policy

## Supported Versions

Security fixes are provided for the latest released version.

## Reporting a Vulnerability

Please report vulnerabilities privately using GitHub Security Advisories:

- https://github.com/DebaA17/CVE-scanner-cli/security/advisories/new

Do not open public GitHub issues for security vulnerabilities.

Please include the following in your report when possible:

- A clear description of the issue
- Steps to reproduce
- Impact assessment
- Suggested remediation (if known)

## Optional: Encrypted Disclosure (PGP)

If you need to share sensitive details, you can encrypt your message with this public key:

- https://keys.openpgp.org/vks/v1/by-fingerprint/B521D1095C63E077EAE854E96805708F78A19272

Fingerprint (verify before use):

- B521 D109 5C63 E077 EAE8 54E9 6805 708F 78A1 9272

## Disclosure Process

- Reports will be acknowledged as quickly as possible.
- A fix timeline will depend on severity and complexity.
- Once resolved, an advisory and/or release notes update may be published.