Security fixes are considered for the current default branch and the latest public release.
Older versions may not receive fixes unless the issue is severe and the patch is practical to backport.
Please do not open a public issue for vulnerabilities in NoMore403 itself.
Use one of these private reporting paths:
- Open a private vulnerability report through the repository's GitHub Security tab, if available.
- If private reporting is not available, contact the maintainer through the contact channel listed on the repository owner's GitHub profile.
Include as much of the following as you can:
- affected version or commit SHA
- operating system and architecture
- impact and attack scenario
- reproduction steps
- proof of concept, if safe to share privately
- whether the issue is already public or known elsewhere
- suggested fix, if you have one
Please do not include secrets, real third-party target data, customer data, or unrelated vulnerability details.
In scope:
- vulnerabilities in NoMore403's source code, release artifacts, build process, or documentation that could harm users
- command injection, unsafe file handling, unexpected network behavior, data exposure, or supply-chain risks caused by this project
- vulnerabilities in generated output that could mislead users into unsafe handling of sensitive data
Out of scope:
- access-control bypasses found on third-party websites using NoMore403
- reports about systems you are not authorized to test
- scanner output without a clear impact on NoMore403 itself
- denial-of-service reports that only involve intentionally scanning a target at high volume
Report findings on third-party targets to the target owner or their vulnerability disclosure program.
The maintainers will try to acknowledge valid private reports promptly, investigate the issue, and coordinate a fix before public disclosure.
Please allow reasonable time for triage and remediation before publishing details.
NoMore403 is intended for authorized security testing. Users are responsible for complying with applicable law, program rules, and organizational policy.