Reporting a Vulnerability

If you discover a security vulnerability in vanityURLs, please report it responsibly through GitHub Security Advisories.


Do not open a public GitHub issue for security vulnerabilities.

vanityURLs has a minimal attack surface by design:

  • No server: all logic runs as static files on Cloudflare’s edge
  • No runtime dependencies: the redirect file is plain text
  • No user input processing: there is no backend to compromise
  • Secrets (if any) live only in Cloudflare environment variables, not in the repository

The scope covers:

  • The vanityURLs CLI scripts (lnk, make targets)
  • The website documentation (vanityURLs.link)

It does not include:

  • The Cloudflare ecosystem (report to Cloudflare directly)
  • Sites built with vanityURLs by third parties

What to include

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Any relevant code, configuration, or screenshots

Response timeline

We aim to acknowledge reports within 72 hours and provide a remediation timeline within 7 days.