Security Advisories

When a security issue affects the Safeguard platform, we publish an advisory here once a fix or mitigation is available. This page is the public record that our coordinated-disclosure programme commits to.

What each advisory contains

A Safeguard advisory ID and any associated CVE identifier.
Affected components and version ranges.
Severity, with the CVSS vector we used to score it.
The fixed version (or the mitigation, if a fix is staged).
A timeline: report received, fix shipped, advisory published — and credit to the reporter where they want it.

Published advisories

No advisories have been published to date. When we issue one, it will appear here, and qualified customers are notified through their account contact. We would rather show an empty, honest list than pad it.

Report something

Found a vulnerability in the platform? Email security@safeguard.sh. Scope, out-of-scope items, and our safe-harbour commitment for good-faith research are in the Responsible Disclosure Policy. The machine-readable contact is published at /.well-known/security.txt, and reporters are credited on the acknowledgments page.