Thanks to server-side rendering, showmy.chat is unaffected by most client-side security issues. That said, there are a couple of vectors we're especially mindful of:

- The use of client-side scripts, namely ComfyJS and Faker.js
- Vulnerabilities in build tooling that could impact developer workstations

To report a vulnerability, please file an issue on this project, or let us know in the Discord server. Describe the extent of the vulnerability and its impact, and provide as much detail as possible, including steps to reproduce or validate it.