yuna0x0 Security

This page outlines our security policy, including how to report vulnerabilities, the scope of our security program, and our bug bounty program.

There are also sections for security advisories and a hall of fame to recognize contributors who help improve our security.

security.txt: https://yuna0x0.com/.well-known/security.txt

Contact: security (at) yuna0x0.com

PGP Key: https://yuna0x0.com/yuna0x0.asc

Policy

Reporting Vulnerabilities

You can report security vulnerabilities by sending an email to the contact address provided above. Please include the following information in your report:

• Summary: Short description of the vulnerability. Make the impact and severity clear.
• Details: Detailed description of the vulnerability. Pointing to the implicated source code or configuration is appreciated.
• PoC: Proof of concept code, configurations, or steps to reproduce the issue.
• Impact: Potential impact of the vulnerability and who it affects.

CVSS and CWE identifiers are appreciated.

Projects that are hosted on third-party platforms (e.g., GitHub) may also have their own issue trackers or security reporting mechanisms. Please refer to the specific project’s security policy if available.

Scope

1. Projects or products maintained by yuna0x0, including those hosted on:

• https://github.com/yuna0x0
• https://www.npmjs.com/~yuna0x0
• https://crates.io/users/yuna0x0
• https://pypi.org/user/yuna0x0/
• https://hub.docker.com/u/yuna0x0
• https://yuna0x0.itch.io
• https://store.steampowered.com/developer/yuna0x0

2. Arch Linux AUR packages maintained by yuna0x0:

• https://aur.archlinux.org/packages?SeB=m&K=yuna0x0

3. Network infrastructure and services maintained by yuna0x0, including:

• yuna0x0 Network / Fubuki Network (AS212279/AS212425)
• yuna0x0’s Misskey: https://fbk.moe
• Fubuki Analytics - Umami: https://analytics.fbk.moe
• yuna0x0 atproto PDS: https://yunya.pet
• yuna0x0 atproto PDS - Moderation Service: https://mod.yunya.pet

4. Other collaborative projects, products, or services where yuna0x0 is coordinating with vulnerability disclosure.

Bug Bounty Program

I’m currently unable to run a bug bounty program like those run by large companies. (╥﹏╥)

However, we can discuss something like gifting Discord Nitro, Steam games or commissioning artists as a reward for finding vulnerabilities :3

Advisories

• [yuna0x0/hackmd-mcp] Server-Side Request Forgery (SSRF) in HackMD MCP Server (CVE-2025-59155)

Hall of Fame

Currently, there are no contributors to the Hall of Fame.