This policy covers the Aria agent code in this repository (backend/agents/, backend/, ui/).
It does not cover:
- Aegra runtime (upstream — report to the Aegra project)
- n8n-mcp (upstream — report to the n8n-mcp project)
- n8n itself (upstream — report to the n8n project)
Please do not open a public issue for potential vulnerabilities.
Use one of these private channels:
- GitHub private advisory (preferred): Go to the repository → Security tab → "Report a vulnerability". GitHub keeps this private until a fix is published.
- Email: leandro@pessini.me

In your report, please include:

- Description of the issue and potential impact
- Steps to reproduce (proof-of-concept if possible)
- Affected versions or commits
- Any suggested fix (optional but appreciated)
We aim to acknowledge reports within 72 hours and provide a resolution timeline within 7 days.
We follow coordinated disclosure. Please allow reasonable time to address the issue before any public disclosure.