Security

Reporting a vulnerability

Email security@namidb.com with details. Please do not open a public GitHub issue for security reports.

What we ask for

  • A clear description of the vulnerability.
  • Steps to reproduce.
  • Affected versions (engine, Python, server, Docker image).
  • Suggested mitigation if you have one.

What we’ll do

  1. Acknowledge within 72 hours.
  2. Triage and confirm.
  3. Develop a fix on a private branch.
  4. Coordinate a release window with you.
  5. Publish a security advisory + patched releases.
  6. Credit you in the advisory (unless you’d rather stay anonymous).

Scope

In-scope:

  • The NamiDB engine (all crates in github.com/namidb/namidb)
  • The Python bindings
  • namidb-server and its Docker image
  • The CLI

Out-of-scope (please report to the relevant vendor):

  • Third-party dependencies (tokio, object_store, etc.) — report upstream first; we’ll bump versions on disclosure.
  • NamiDB Cloud (namidb.com) — covered under our Cloud bug bounty; contact security@namidb.com for scope.

Disclosure

NamiDB follows coordinated disclosure. We aim to ship a patched release before public disclosure, then publish a CVE + advisory once patched versions are available.
