We currently support the main branch. Please base security fixes on main.

• Do not open a public issue for security problems.
• Email the maintainers at the address listed in the repository profile or commit metadata with:
  • Description of the vulnerability and its impact
  • Steps to reproduce or proof of concept
  • Affected versions and environment details
• We will acknowledge receipt within 5 business days and aim to provide a fix or mitigation plan within 14 business days.

1. Report privately using the contact above.
2. Collaborate on a fix in a private fork or branch if needed.
3. We will publish a public advisory after a fix is available and users have guidance.

• NexumDB core (Rust)
• Nexum AI engine (Python)
• CLI client

Please include logs or stack traces if available and avoid sharing sensitive data beyond what is required to reproduce the issue.