OpenCPN is a desktop application by design runnning with full privileges of the user. Any third party plugins are, by design, inheriting these privileges. Unknown sensor data sources, plugins from unknown 3rd party developers or data like charts from unknown sources should be treated with caution.

If you discover a security related issue in OpenCPN, please report it by opening an issue in our public tracker, however please do not publicly post exploits with harmful consequences (data destruction, etc.) and coordinate the handover of such material with the maintainers of the project.

If the issue is highly sensitive, you may instead contact the maintainers privately using the Github private vulnerability reporting feature.