# Security Policy

## Reporting a Vulnerability

The WeKnora team takes security vulnerabilities seriously.  
We appreciate your efforts to responsibly disclose any security issues you discover.

⚠️ **Please do NOT report security vulnerabilities through public GitHub issues.**

### Preferred reporting method

We recommend reporting security vulnerabilities using GitHub’s private vulnerability reporting feature:

1. Go to the **Security** tab of this repository
2. Click **“Report a vulnerability”**
3. Fill in the details and submit the report

This allows us to discuss, investigate, and fix the issue privately.

### Alternative contact

If you are unable to use GitHub’s Security Advisory feature, you may contact the maintainers through the repository owners.

> Please avoid sharing sensitive information publicly.

### What to include in your report

To help us understand and resolve the issue quickly, please include:

- A clear description of the vulnerability
- Steps to reproduce (proof-of-concept if available)
- The affected version(s)
- Potential impact and severity
- Any suggested mitigations or fixes (if known)

### Response timeline

We aim to:
- Acknowledge receipt of your report within **48 hours**
- Provide a status update as the investigation progresses

### Coordinated disclosure

We kindly ask reporters to follow responsible disclosure practices and allow us reasonable time to address the issue before any public disclosure.

Thank you for helping keep **WeKnora** and its users secure.