Security: RoFz/lipurity

Security

SECURITY.md

Security Policy

Supported Versions

Only the latest release is supported with security fixes.

Reporting a Vulnerability

Please do not open a public issue for security vulnerabilities.

Report vulnerabilities privately using GitHub Security Advisories. You will receive an acknowledgement within 7 days.

Scope

In scope:

  • Vulnerabilities in the userscript itself: anything that could exfiltrate data, execute untrusted input, weaken the page's security posture, or be abused by a third party (e.g. injection through crafted post content reaching the script's DOM handling)

Out of scope:

  • Vulnerabilities in the underlying website or platform; report those to the platform operator
  • Vulnerabilities in userscript managers (Tampermonkey, Userscripts, etc.); report those to their respective projects
  • Issues requiring physical access or social engineering

Disclosure

Once a fix is released, vulnerabilities will be publicly disclosed via a GitHub Security Advisory. Credit will be given to the reporter unless anonymity is requested.

There aren't any published security advisories