Security

Report a vulnerability

SECURITY.md

Reporting security vulnerabilities

If you find a security vulnerability in our code, do not make an issue for it. Instead, go to the Security tab and report it there so it's not visible to the public.

TTLLVBTA (Things that look like vulnerabilities but aren't)

.env files - These are for firebase, and we have controls so that the production database can't be accessed when not on our vercel hosting
.yml or .yaml files - These are actions for GitHub.

Personal Information
GHSA-jqw3-xp2v-c5xv published Oct 15, 2025 by snoopythe3-from-scratch

High
Forks can publish articles
GHSA-775w-g375-pjff published Sep 15, 2025 by snoopythe3-from-scratch

High
Simple request can create a category & publish articles by any user
GHSA-h5rj-2466-qr23 published Aug 24, 2025 by snoopythe3-from-scratch

Critical
Username Stored in Plain text
GHSA-9q4f-4vjm-7gp2 published Aug 23, 2025 by snoopythe3-from-scratch

Moderate
Reflected cross-site scripting
GHSA-hgh4-pj74-f5rr published Jul 16, 2025 by snoopythe3-from-scratch

Moderate
Cross-Site Scripting (XSS) Potential Vulnerability
GHSA-25wp-g9g6-7fr9 published Jul 15, 2025 by snoopythe3-from-scratch

Low

Learn more about advisories related to The-Scratch-Channel/tsc-web-client in the GitHub Advisory Database