| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |

Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please send an email to open@agentcost.in with:
- Description of the vulnerability
- Steps to reproduce
- Impact assessment
- Any suggested fixes

We will acknowledge your report within 48 hours and provide a detailed response within 5 business days.

In scope:
- AgentCost Python SDK and API server
- TypeScript SDK
- Dashboard (XSS, CSRF, etc.)
- Docker images and configurations
- Enterprise auth (SSO/SAML bypass, token issues)

Out of scope:
- Third-party dependencies (report to the respective project)
- Social engineering attacks
- Denial of service attacks