The following versions of OpenNANDLab are currently supported with security updates.

| Version | Supported |
|---|---|
| v2.0.x | ✅ |
| v1.1.x | ✅ |
| v1.0.x | ❌ |

If you discover a security vulnerability in OpenNANDLab, please do not disclose it publicly.
Instead, please send an email to our security team. We will review the issue and respond as quickly as possible (usually within 48 hours) to coordinate a fix.
- Describe the vulnerability in detail.
- Provide a proof of concept or instructions to reproduce the vulnerability.
- If applicable, describe potential mitigations.

We will work with you to test the fix and announce the patch properly.
OpenNANDLab is a research and simulation platform. While it does not process production user data, we still take vulnerabilities seriously—particularly those that might:
- Allow arbitrary code execution via malicious configuration payloads (e.g., untrusted YAML).
- Cause unintended file system access or damage during simulations.
- Expose system environment variables or telemetry inappropriately.

We use `yaml.safe_load` and rigorous Pydantic validation to mitigate these risks. Please report any bypasses of these protections.