Please report security issues privately. Do not open a public issue.
Email: security@21.gifts
Include:
- Description of the issue and its impact
- Steps to reproduce
- Affected versions or commit
- Suggested fix, if any
You will receive an acknowledgement within a few days. Once the issue is verified, we will work on a fix and coordinate disclosure with you.
In scope:
- This service (
api) and any subdomain it serves - The web frontend at
21gifts/app
Out of scope:
- Third-party NOSTR relays
- Third-party Lightning wallets / LN-Address providers
- Browser / OS / Passkey-authenticator vulnerabilities (please report to the respective vendor)
Coming soon.