| Version | Supported |
|---|---|
| latest | ✅ Yes |
We take the security of FlipTrack seriously. If you discover a security vulnerability, please report it responsibly.
Instead, please email us at: rushikeshbobade2025@gmail.com
Include the following in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact (what could an attacker do?)
- Suggested fix (if you have one)
| Step | Timeline |
|---|---|
| Acknowledgement | Within 48 hours |
| Initial Assessment | Within 1 week |
| Fix & Disclosure | Coordinated with reporter |
The following are in scope for security reports:
- Authentication bypass or session hijacking
- SQL injection or database exposure
- Cross-Site Scripting (XSS)
- Sensitive data exposure (API keys, user data)
- Server-Side Request Forgery (SSRF)
- Authorization flaws (accessing other users' data)
- Vulnerabilities in dependencies that are already publicly known (please check if a fix exists first)
- Issues that require physical access to a user's device
- Social engineering attacks
When contributing code, please ensure:
- Never hardcode secrets — Use environment variables via
.env - Validate all user input — Especially in route
action()handlers - Use Prisma parameterized queries — Never concatenate raw SQL strings
- Check authorization — Always verify
userIdownership in database queries - Keep dependencies updated — Run
npm auditperiodically
Thank you for helping keep FlipTrack secure! 🔒