We take the security of Pump Up seriously, and we're grateful to the researchers and developers who help us keep it safe.
Please report security issues privately — not through public issues or discussions.
Two ways to reach us:
- Email security@pumpup.com, or
- Open a private security advisory on this repo.
Include as much as you can — what you found, how to reproduce it, and the potential impact. That helps us triage fast.
- We'll acknowledge your report promptly and keep you updated as we investigate.
- Because the code here is authored upstream and mirrored, fixes are made in our monorepo and flow back to this repo on the next sync.
- We'll coordinate disclosure timing with you and credit you for the find, if you'd like.
Thank you for helping protect Pump Up and the people who rely on it. 🔒