Security Policy

Reporting a Vulnerability

Draft a new security advisory online, or report security issues to alexandre@alapetite.fr (PGP public key if relevant).

AI-assisted security scanning

Include:

Which AI tool was used
Whether you are yourself a user of FreshRSS

Recommendations:

Check duplicates in existing public PRs, issues, discussions, documentation
Consider submitting a public PR if the vulnerability was mostly found by a public AI

Inspiration from https://lkml.org/lkml/2026/5/17/896:

AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved - and only makes that duplication worse because the reporters can't even see each other's reports.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

AI-assisted security scanning

There aren't any published security advisories

Security: Aloklok/freshrss-patch

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

AI-assisted security scanning

There aren't any published security advisories