If you discover a security vulnerability in markbase, please report it responsibly.
Do not open a public issue.
Email security@markbase.io with:
- A description of the vulnerability
- Steps to reproduce
- Impact assessment

We will acknowledge your report within 48 hours and aim to resolve critical issues within 7 days.

- Authentication and authorization (GitHub OAuth, MCP tokens)
- Share link encryption and access control
- Database access and injection
- Cross-site scripting (XSS) in markdown rendering
- Vulnerabilities in third-party dependencies (report upstream)
- Rate limiting and denial of service
- Social engineering