DO NOT open a public GitHub issue for security vulnerabilities.

Please report via GitHub's private vulnerability reporting: https://github.com/bolin8017/ReverseTool/security/advisories/new

Or email: polinlai.dev@gmail.com

• Acknowledgment: Within 48 hours
• Initial assessment: Within 1 week
• Fix release: Within 30 days for critical issues

In scope: Arbitrary code execution from crafted binaries, path traversal, dependency vulnerabilities, supply chain issues.

Out of scope: Crashes from malicious binaries (expected behavior), issues in Ghidra/Radare2 themselves (report upstream).