Only the latest release gets fixes. Older versions are not patched. Check the releases page for what's current.

Please do not open a public GitHub issue for security problems. Open a private security advisory with:

• A description of the issue
• Steps to reproduce
• Your InstallerClean version and Windows version

You'll get an acknowledgement within a few days. Fixes will be shipped in a point release.

InstallerClean runs with administrator privileges and touches the Windows Installer database. Of particular interest:

• Anything that could cause Move or Delete to act on files outside C:\Windows\Installer or its subfolders
• Anything that could cause a registered file to be flagged as removable
• Path traversal or TOCTOU issues around the Move destination

Out of scope:

• Windows SmartScreen warnings or antivirus heuristic flags on unsigned binaries (see the releases page for VirusTotal scan hashes)
• Issues that require prior administrator access to exploit