If you discover a security vulnerability in dbcli, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email: [email protected]

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgement: within 48 hours
• Initial assessment: within 7 days
• Fix release: depends on severity, typically within 30 days

Security issues we care about:

• SQL injection through CLI inputs
• Blacklist bypass (accessing protected columns/tables)
• Configuration file permission issues
• Credential exposure in logs or exports
• Dependency vulnerabilities

Thank you for helping keep dbcli safe.