NeuroHTTP is an open-source, high-performance AI-native web server built in C and Assembly.
Given its focus on low-level performance and networking, security is a top priority.
This document explains how to responsibly report vulnerabilities and how the team handles them.
If you discover a security vulnerability, please do not open a public GitHub issue.
Instead, contact the maintainer directly via:
- Email: [email protected]
- GitHub Security Advisories: submit a private report through the Security Advisories tab of the NeuroHTTP repository
Please include as much detail as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact or exploitation scenarios
- Suggested mitigations (if any)
Once a report is received:
- Acknowledgment: You'll receive a confirmation within 48 hours.
- Investigation: The issue will be validated and analyzed (1 to 5 business days).
- Fix & Release: A patch or mitigation will be prepared and tested.
- Disclosure: The vulnerability will be publicly disclosed, with credit to the reporter, once a fixed release is available.
This policy covers:
- Core server code (`src/`)
- Thread and memory management routines
- Networking stack and protocol handlers (HTTP/3, WebSockets, gRPC)
- Plugin and module interface (`plugins/`)
- Authentication, API key, and token mechanisms
It does not cover:
- Third-party libraries used (e.g., mbedTLS, protobuf-c); please report issues in those to the upstream project
- User-created plugins or modifications
We strongly encourage responsible, coordinated disclosure. Security researchers who follow this policy will receive full credit in release notes and acknowledgments.
If you've found something critical, your contribution may also be featured in the "Security Hall of Fame" section of the README.
GUIAR OQBA
Creator & Lead Developer of NeuroHTTP
Focused on AI infrastructure, performance, and security in low-level systems.
Email: [email protected]
GitHub: https://github.com/okba14/NeuroHTTP
"Performance without security is just an exploit waiting to happen."
- NeuroHTTP Security Team