This project is maintained as a static online tools website.
Security fixes are applied to the latest version published on the official site and to the default branch of this repository.
Older copies, forks, mirrors, and self-hosted deployments are not actively supported.
If you discover a security vulnerability, please do not open a public issue.
Please report vulnerabilities using GitHub's private vulnerability reporting feature.
When reporting a vulnerability, please include:
- A clear description of the issue
- Steps to reproduce it
- The affected page or tool
- Any proof-of-concept input, if applicable
- Your browser and operating system, if relevant
I review reports as time allows and will try to respond as soon as possible.
Examples of security issues include:
- Cross-site scripting (XSS)
- Unsafe handling of user-provided files or URLs
- Dependency vulnerabilities that affect the published site
- Problems that could expose user data
This project runs tools locally in the browser whenever possible. Please avoid submitting sensitive data to public issues or third-party services when preparing a report.
The following are generally out of scope:
- Vulnerabilities only affecting unofficial forks, mirrors, or modified deployments
- Issues requiring a compromised browser, extension, local device, or user account
- Reports without enough information to reproduce
- Automated scanner reports without a demonstrated impact
- Social engineering, phishing, or physical attack scenarios
- Denial-of-service reports without a realistic impact on the published site
Thank you for helping keep this project safe.