This is a personal website. There is no software product to patch, but the site itself can have security issues worth reporting:

- Exposed secrets or credentials in the repository or site
- Vulnerable third-party dependencies (Python packages, GitHub Actions)
- Content injection or XSS in the rendered site
- Misconfigured headers, CSP, or access controls

Use GitHub's private vulnerability reporting for anything sensitive. For non-sensitive issues (broken links, public misconfigurations), open a regular issue.

I'll review reports as time allows. This is a personal project — no SLA, no bug bounty.