If you discover a security vulnerability in ALNUR, please do not open a public GitHub issue.

Instead, report it privately:

1. Go to the Security tab of this repository
2. Click Report a vulnerability
3. Provide a clear description, steps to reproduce, and potential impact

We will respond within 72 hours and aim to release a fix within 14 days for confirmed vulnerabilities.

Reports are welcome for:

• Remote code execution in the scanner itself
• Path traversal when scanning user-supplied paths
• Dependency confusion or supply chain issues
• False negative patterns that would cause ALNUR to miss critical vulnerabilities