Skip to content

Security: Vortex-OS/Vortex-Issues

Security

Report a vulnerability

SECURITY.md

Vortex Security Vulnerability Report

Security Policy

The Vortex team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.

Reporting a Vulnerability

If you believe you've found a security vulnerability in Vortex, please report it using one of the following methods:

Option 1: GitHub Private Vulnerability Report

Submit a private vulnerability report through GitHub's security advisory feature.

Option 2: Email Security Team

Send a detailed report to security@vortexos.net

Option 3: Contact the Owner via Discord

Send a direct message to Evicly on Discord with details about the vulnerability.

What to Include in Your Report

Please include the following information in your vulnerability report:

## Vulnerability Description
[Provide a clear and concise description of the vulnerability]

## Steps to Reproduce
1. [First Step]
2. [Second Step]
3. [Additional Steps...]

## Impact
[Describe the potential impact of this vulnerability if exploited]

## Affected Components
[Specify which parts of Vortex are affected]

## Screenshots/Proof of Concept
[If applicable, add screenshots or code demonstrating the vulnerability]

## Possible Mitigations
[If you have suggestions for how to address the issue]

## Your Contact Information
[How the security team can reach you if they have questions]

Guidelines and Expectations

Please:

  • Report the vulnerability as soon as possible
  • Provide clear details to help us understand and reproduce the issue
  • Keep information about the vulnerability confidential until it's fixed
  • Allow reasonable time for us to respond and address the issue
  • Limit your testing to your user account, minimize user impact.

Don't:

  • Access or modify other users' data
  • Execute or attempt denial of service attacks
  • Publicly disclose the vulnerability before we've had time to address it
  • Attempt to leverage the vulnerability for personal gain

Compensation

While we don't have a formal bug bounty program, we recognize the value of security research. For particularly significant security findings that could have a major impact on our users' safety or data integrity, we may offer compensation at our discretion. The compensation will be determined based on the severity and impact of the vulnerability.

What Happens Next

After you submit a report:

  1. You'll receive acknowledgment of your report within 48 hours
  2. The security team will investigate and validate the issue
  3. We'll maintain communication with you about the status of your report
  4. Once resolved, we may offer recognition for your contribution (with your permission)

Thank you for helping keep Vortex secure!

© 2025 Vortex. All rights reserved.

There aren’t any published security advisories