If you discover a security vulnerability in the YON VS Code extension, please report it responsibly:
- DO NOT file a public GitHub issue.
- Email office@younndai.com with:
- A description of the vulnerability and its potential impact
- Steps to reproduce, or a proof of concept (if safe to share)
- Affected versions
- Suggested severity: Critical, High, or Moderate
Responsible disclosure preserves the safety of every downstream user.
| Action | SLA |
|---|---|
| Acknowledgement | 72 hours |
| Initial assessment | 7 calendar days |
| Remediation or advisory | 30 calendar days |
Critical issues are prioritized and may be patched ahead of the stated window where feasible.
The latest released version of the extension on the VS Code Marketplace and Open VSX Registry is supported. Security fixes land on the current release line; older lines are upgraded forward rather than back-patched unless otherwise noted in an advisory.
We commit to:
- Acknowledging your report within the timeline above
- Working with you to verify and reproduce the vulnerability
- Coordinating a public disclosure date that gives users time to update
- Crediting you in the security advisory (unless you prefer anonymity)
© 2026 MARLINK TRADING SRL (YounndAI).