Skip to content

Security: thesumedh/vidbuddy

Security

security.md

Security Policy

Supported Versions

Version Supported
Latest ✅ Yes

Reporting a Vulnerability

If you believe you have found a security vulnerability in VidBuddy, please do not open a public GitHub issue.

Instead, please report it via a GitHub Security Advisory on this repository so it can be addressed confidentially.

Please include:

  • A description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested mitigations if known

You should receive a response within 72 hours. We will keep you informed as we work to resolve the issue.

Production Security Notes

  • VITE_* environment variables are bundled into the client-side JavaScript at build time. Never expose production API keys this way. Use a secure token-exchange backend proxy for production deployments.
  • Rotate your Azure Blob SAS token regularly. Use the shortest expiry window that works for your workflow.
  • Restrict your SAS token permissions to only what the app requires (GET, PUT, DELETE on the specific container).

There aren't any published security advisories