Skip to content

Security: Apt-Security-Management/apt-asset-categorizer

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in this tool, please report it responsibly.

Contact: security@aptsecuritymanagement.com

Do not open a public GitHub issue for security vulnerabilities. Send a private email with:

  • A description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your suggested fix (optional)

We will acknowledge your report within 2 business days and aim to ship a fix within 14 days for verified issues.

Scope

This tool is 100% client-side. There is no server, no database, and no backend. The only outbound network request is the optional lead-capture form rendered via the VITE_CTA_EMBED_HTML Zoho embed. Findings in scope include:

  • XSS via user input
  • Sensitive data exposure via localStorage
  • CSP bypass
  • Dependency vulnerabilities with exploitable attack surface

Supported Versions

Version Supported
Latest Yes
Older No

There aren't any published security advisories