If you discover a security issue in whyEXT, report it privately via:
Please do not open public issues for vulnerabilities.
Examples of issues that should be reported:
- Privilege misuse in extension scripts
- Sensitive data leakage via logs, storage, or network requests
- Unsafe handling of extension messages
- Injection opportunities (DOM/script injection)
- Supply-chain/dependency vulnerabilities in runtime tooling
Examples of issues that are out of scope:
- Generic browser bugs not caused by this project
- Social engineering scenarios without a project defect
- Vulnerabilities in third-party services unrelated to whyEXT code
Please include:
- Affected files/components
- Reproduction steps
- Impact assessment
- Proof of concept (if available)
We will investigate and coordinate a fix before public disclosure.
Only the latest main branch is guaranteed to receive security fixes during
early development.