
Security: Alex4SSB/ADB-Explorer

SECURITY.md

Security Policy

Supported Versions

We take the security of ADB Explorer seriously. Security updates are provided for the following versions:

Version Supported
Latest
< Latest

Reporting a Vulnerability

We appreciate responsible disclosure of security vulnerabilities. There are multiple ways to report a security issue:

Option 1: Private Vulnerability Reporting (Recommended)

  1. Navigate to the Security tab of this repository
  2. Click on "Report a vulnerability"
  3. Fill in the details of the vulnerability
  4. Submit the report

This method ensures:

  • The vulnerability remains private until a fix is released
  • Automatic CVE assignment through GitHub
  • Proper credit for the discovery
  • Coordinated disclosure process

Option 2: Direct Contact

If you prefer not to use GitHub's vulnerability reporting system, you can:

  • Open a public issue with the label "bug" (for non-critical vulnerabilities)
  • Contact the maintainer directly through GitHub

What to Include

When reporting a vulnerability, please include:

  1. Description: Clear description of the vulnerability
  2. Steps to Reproduce: Detailed steps to reproduce the issue
  3. Impact: Potential impact and severity assessment
  4. Proof of Concept: If applicable, code or screenshots demonstrating the issue
  5. Suggested Fix: If you have ideas for remediation (optional)

Response Timeline

  • Initial Response: Within 48 hours of report
  • Status Update: Within 7 days with assessment and timeline
  • Fix Development: Depends on severity and complexity
  • Disclosure: After fix is available and deployed

Security Advisory Process

When a vulnerability is reported via GitHub's private reporting system:

  1. Report Received: Maintainer receives notification
  2. Assessment: Vulnerability is assessed for severity and impact
  3. Accept & Draft: Maintainer accepts the report and opens it as a draft advisory
  4. Fix Development: Code fix is developed and tested
  5. Review: Reporter can review the fix in the advisory
  6. Publish: Advisory is published along with the fixed release
  7. CVE Assignment: GitHub automatically assigns a CVE ID

For Maintainers: Accepting Security Advisories

If you're unable to access the GitHub Security Advisory page (e.g., due to antivirus blocking), use the steps in the following sections.

Troubleshooting Access Issues

  1. Try a Different Browser: Use an alternative browser or private/incognito mode
  2. Disable Antivirus Temporarily: Some AV software may block the GitHub Security page
  3. Use GitHub Mobile: Try accessing from the GitHub mobile app
  4. Clear Browser Cache: Clear cache and cookies, then retry
  5. Check Browser Extensions: Disable security-related browser extensions temporarily
  6. Alternative Network: Try accessing from a different network or device

Alternative CVE Assignment Process

If you cannot access GitHub's advisory system:

  1. Implement and commit the security fix
  2. Ask the reporter to submit details directly to MITRE
  3. Reference your fix commit in the CVE request
  4. The reporter can still receive credit for the discovery

Credit

Security researchers who responsibly disclose vulnerabilities will be:

  • Credited in the release notes
  • Mentioned in the security advisory (if using GitHub's system)
  • Listed in this file's Hall of Fame section

Hall of Fame

We'd like to thank the following security researchers for their responsible disclosure:

  • @blankshiro - For reporting a security vulnerability (February 2026)
  • @AgentMisterious - For reporting a security vulnerability (February 2026)

Security Best Practices

If you're contributing code to ADB Explorer, please:

  1. Never commit sensitive data (credentials, API keys, etc.)
  2. Validate and sanitize all user inputs
  3. Use parameterized queries to prevent injection attacks
  4. Keep dependencies up to date
  5. Follow secure coding practices
  6. Run security scans before submitting PRs

Contact

For urgent security matters that cannot be handled through the normal channels, you may attempt to contact the repository owner through GitHub's direct messaging system.


This security policy was generated by GitHub Copilot to establish a formal vulnerability reporting process for this repository.
