Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability in Mesh AI, please report it by emailing:
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Alternatively, use our Mesh Discord, and ping any of the @Admins, their DMs are open. https://discord.gg/dH48jH3BKa
In scope: All code in this repository, including apps/docs, apps/meshjs-mcp, apps/rag-backend, and claude-skills.
Out of scope: Third-party dependencies without demonstrated impact, social engineering, DoS attacks.
Valid reporters will be credited in security advisories (unless you prefer anonymity).
Thank you for helping keep Mesh AI secure!