Security: stacklok/toolhive-rfcs

SECURITY.md

Security Policy

The ToolHive community takes security seriously! We appreciate your efforts to disclose your findings responsibly and will make every effort to acknowledge your contributions.

Scope

This repository contains RFCs (Request for Comments) and design documents for the ToolHive ecosystem. While RFCs themselves do not contain executable code, security considerations in RFC designs are important.

For security vulnerabilities in ToolHive implementations, please report them to the appropriate repository:

Reporting a vulnerability

If you discover a security issue in an RFC design that could lead to vulnerabilities in implementations, please use the GitHub Security Advisory "Report a Vulnerability" tab.

If you are unable to access GitHub you can also email us at [email protected].

Include:

  • The RFC number and title affected
  • Description of the security concern
  • Potential impact if the design is implemented as-is
  • Suggested mitigations or design changes

Contacting the ToolHive security team

Contact the team by sending email to [email protected].

Disclosures

Private disclosure processes

The ToolHive community asks that all suspected vulnerabilities be handled in accordance with the Responsible Disclosure model.

Public disclosure processes

If anyone knows of a publicly disclosed security vulnerability, please IMMEDIATELY email [email protected] to inform us about the vulnerability so that we may start the patch, release, and communication process.
