If you find a vulnerability in code, examples, documentation, or automation in this repository, please immediately contact veronica.burnz@proton.me.
Do not open a public issue containing active exploit details, secrets, or unresolved third-party vulnerability information.
This repository is a methodology project. It is not a place to publish unresolved vulnerabilities in third-party systems.
If Return Surface Analysis helps you find a third-party issue:
- preserve evidence,
- minimize access and testing,
- avoid exposing user data or secrets,
- report through the affected party's security channel,
- follow coordinated disclosure,
- publish details only after remediation or an agreed disclosure timeline.
Examples in this repository should be synthetic, anonymized, or based on already-public issues.