555e282cc4
ci / changelog_check (push) Waiting to run
ci / check_changes (push) Waiting to run
ci / build_mem0 (3.10) (push) Blocked by required conditions
ci / build_mem0 (3.11) (push) Blocked by required conditions
ci / build_mem0 (3.12) (push) Blocked by required conditions
CLI Node CI / lint (push) Waiting to run
CLI Node CI / test (20) (push) Waiting to run
CLI Node CI / test (22) (push) Waiting to run
CLI Node CI / build (push) Waiting to run
CLI Python CI / lint (push) Waiting to run
CLI Python CI / test (3.10) (push) Waiting to run
CLI Python CI / test (3.11) (push) Waiting to run
CLI Python CI / test (3.12) (push) Waiting to run
CLI Python CI / build (push) Waiting to run
openclaw checks / lint (push) Waiting to run
openclaw checks / test (20) (push) Waiting to run
openclaw checks / test (22) (push) Waiting to run
openclaw checks / build (push) Waiting to run
opencode-plugin checks / build (push) Waiting to run
pi-agent-plugin checks / lint (push) Waiting to run
pi-agent-plugin checks / test (20) (push) Waiting to run
pi-agent-plugin checks / test (22) (push) Waiting to run
pi-agent-plugin checks / build (push) Waiting to run
TypeScript SDK CI / check_changes (push) Waiting to run
TypeScript SDK CI / changelog_check (push) Blocked by required conditions
TypeScript SDK CI / build_ts_sdk (20) (push) Blocked by required conditions
TypeScript SDK CI / build_ts_sdk (22) (push) Blocked by required conditions
TypeScript SDK CI / integration_ts_sdk (20) (push) Blocked by required conditions
TypeScript SDK CI / integration_ts_sdk (22) (push) Blocked by required conditions
49 lines
1.9 KiB
Markdown
49 lines
1.9 KiB
Markdown
# Security Policy
|
|
|
|
We take the security of Mem0 and our community seriously. Thank you for helping
|
|
keep Mem0 and its users safe by disclosing vulnerabilities responsibly.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please **do not** report security vulnerabilities through public GitHub issues,
|
|
pull requests, or discussions.
|
|
|
|
If you believe you have found a security vulnerability in Mem0, please report it
|
|
privately through one of the following channels:
|
|
|
|
1. **GitHub Private Vulnerability Reporting** — open a
|
|
[private security advisory](https://github.com/mem0ai/mem0/security/advisories/new)
|
|
directly on this repository.
|
|
2. **Email** the maintainers at **support@mem0.ai** with the subject line:
|
|
|
|
`SECURITY: Mem0 vulnerability report`
|
|
|
|
To help us triage and resolve the issue quickly, please include as much of the
|
|
following as you can:
|
|
|
|
- Affected component or package (e.g. Python SDK, TypeScript SDK, server, OpenMemory)
|
|
- Affected version, tag, or commit
|
|
- Clear, step-by-step reproduction instructions
|
|
- The security impact and a proof of concept, if available
|
|
- Any suggested fix or mitigation
|
|
|
|
## Response Process
|
|
|
|
- We will acknowledge receipt of your report within **72 hours**.
|
|
- We will work with you privately to confirm the issue and assess its impact.
|
|
- Once a fix or mitigation is ready, we will coordinate a disclosure timeline
|
|
with you and credit you for the discovery, unless you prefer to remain anonymous.
|
|
|
|
## Public Disclosure
|
|
|
|
Please avoid sharing technical details of the vulnerability publicly until the
|
|
maintainers have reviewed the issue and a fix or mitigation has been released. We
|
|
are committed to resolving valid reports promptly and keeping you informed
|
|
throughout the process.
|
|
|
|
## Supported Versions
|
|
|
|
We release security fixes against the latest published version of each package.
|
|
Whenever possible, please reproduce the issue on the most recent release before
|
|
reporting.
|