Security fixes are provided for the latest released @memongo/* package
versions and the current main branch.
Please do not open a public issue for a suspected vulnerability.
Use GitHub private vulnerability reporting for this repository. If that channel is unavailable, contact the maintainer via the GitHub profile at github.com/romiluz13.
Valid reports will be acknowledged within 7 business days. A fix timeline will be communicated after triage; critical issues affecting live deployments will be prioritised.
Include:
- affected package or app,
- reproduction steps,
- impact,
- whether secrets or memory data may be exposed.
We will acknowledge valid reports as quickly as possible and coordinate a fix before publishing details.