At URLert, we believe in "Transparency over Obscurity." By making the client-side source code for URLert Guard available for inspection, we aim to provide the highest level of trust for our users. We welcome responsible disclosure from the security community.
Please do not report security vulnerabilities through public GitHub issues.
If you discover a potential security bypass or vulnerability in URLert Guard or our API, please report it privately:
- Email: support@urlert.com
- Expected Response: We aim to acknowledge all reports within 48 hours and provide a timeline for resolution within 5 business days.
To help us triage quickly, please include:
- A brief description of the vulnerability.
- Step-by-step instructions to reproduce (PoC).
- The potential impact (e.g., detection bypass).
This policy covers the URLert Guard browser extension source code, the api.urlert.com endpoints, and the urlert.com authentication flow.
- Avoid any actions that may degrade service performance (DoS/DDoS).
- Do not attempt to access or modify data belonging to other users.
- Give us a reasonable amount of time to fix the issue before public disclosure.
For significant, responsibly disclosed vulnerabilities, we are happy to provide public attribution (with your consent).
Last Updated: March 2026