Security Policy
May 25, 2026 ยท View on GitHub
Supported Versions
Security fixes are applied to the main branch. Historical snapshots are not
guaranteed to receive backported fixes.
Reporting a Vulnerability
Please report security issues privately. Do not open a public issue for unpatched vulnerabilities.
Report to:
- colbyleider at gmail dot com
Please include:
- Affected component or file paths
- Reproduction steps or proof of concept
- Impact assessment
- Any suggested mitigations
You should receive an acknowledgment within 5 business days.
Scope Notes
pvx includes command-line tools and DSP code. Reports should include expected
and observed behavior and whether the issue affects integrity, availability,
confidentiality, or supply-chain trust.