Weftmap parses arbitrary, user-submitted source code through a public API
endpoint (/api/analyze). We take the security of the project and its users
seriously and appreciate responsible disclosure.
Weftmap is a continuously deployed web application. Only the latest version
running on the main branch (and its current production deployment) is
supported. Please report issues against the latest code.
Do not open a public GitHub issue for security vulnerabilities.
Report privately through either of these channels:
- GitHub Security Advisories (preferred): open a private report at Security → Report a vulnerability.
- Email: deleonalonso77@gmail.com.
Please include:
- A clear description of the issue and its impact.
- Steps to reproduce (a minimal proof of concept if possible).
- Affected endpoint, file, or component.
- Any suggested remediation, if you have one.
You can expect:
- Acknowledgement within 5 business days.
- An initial assessment and severity estimate after triage.
- Updates on remediation progress until the issue is resolved.
- Credit in the advisory once a fix ships, unless you prefer to stay anonymous.
Please give us reasonable time to address the issue before any public disclosure. Thank you for helping keep Weftmap and its users safe.