Skip to content

Security: getmunin/munin

SECURITY.md

Security Policy

Reporting a vulnerability

Please email security@getmunin.com with details. Do not open a public issue for security reports.

We aim to acknowledge within 72 hours and provide a remediation timeline within 7 days for confirmed issues.

Scope

In scope:

  • Munin backend (NestJS app, MCP server, OAuth server, REST API)
  • Munin web (Next.js dashboard/landing)
  • Munin packages (@getmunin/*)
  • Default Docker compose self-host configuration

Out of scope:

  • Third-party services and your hosting provider — report to those vendors directly
  • Customer-side AI runners and integrations

There aren't any published security advisories