This is the organization-level security policy for all repositories under the rdapify GitHub organization.
Do not open a public GitHub issue for security vulnerabilities.
| Channel | Use for | Response target |
|---|---|---|
| security@rdapify.com | All repositories, all severities | 48 hours |
| emergency@rdapify.com | Critical or actively exploited | 4 hours |
For repository-specific reporting (GitHub Security Advisories), use the links in the table below.
Each repository has its own security policy tailored to its components and risk profile.
| Repository | Package | SECURITY.md | Advisory page |
|---|---|---|---|
| rdapify/rdapify | rdapify (npm) |
View | Report |
| rdapify/rdapify-rs | rdapify (crates.io), rdapify-nd, rdapify-py |
View | Report |
| rdapify/RDAPify-Pro (private) | @rdapify/pro (npm) |
Contact security@rdapify.com | Report |
| Package | Supported versions |
|---|---|
rdapify (npm) |
0.3.x ✅, 0.2.x ✅ (security fixes), 0.1.x ❌ |
rdapify (crates.io) |
0.2.x ✅, 0.1.x ❌ |
rdapify-nd |
0.1.3 ✅ |
rdapify-py |
0.2.1 ✅ |
@rdapify/pro |
0.2.x ✅, 0.1.x ❌ |
All repositories follow coordinated responsible disclosure with a maximum 90-day embargo. Fixes are released as patch versions with a ### Security section in CHANGELOG. CVEs are requested for confirmed vulnerabilities.
Last reviewed: 2026-03-25 · security@rdapify.com