Hall of Fame.
Security researchers who have responsibly disclosed vulnerabilities in Santh software.
No entries yet — be the first.
We reward responsible disclosure with public credit, CVE acknowledgment, and, where applicable, a bounty. If you find a vulnerability in any Santh crate, you belong here.
Report a vulnerability →
What qualifies
- Memory safety issues
- Authentication or authorization bypass
- Sandbox escape (ProcJail, Sear)
- Logic errors compromising security
- Cryptographic weaknesses (Envseal)
- Injection or path traversal (OpenPack)
- False negative evasion (Keyhog rules)
- Denial of service via algorithmic complexity
How it works
Find a vulnerability in any Santh open source project. Report it to security@santh.dev or santht@proton.me (encrypted). We respond within 24 hours.
Once verified and patched, you get a permanent entry on this page with your name, the CVE (if applicable), a description of the finding, and a link to your profile. We do not require you to waive anything. We do not gate recognition on NDAs.
Read our full responsible disclosure policy for the bright lines and commitments.