If a security vulnerability is found a new version of cvecli will be released that fixes the vulnerability. Security patches will
not be back ported, so you will need to updated to the latest version to get the fix.
If you have found a security vulnerability in cvecli then you can report it to [email protected] and I will aim to reply to you within 1 week (it could be sooner but it gives me some buffer for other life things that could come up).
When submitting a security vulnerability can you please ensure you include a PoC (proof of concept) explaining the impact of the vulnerability.
If you are attaching files to the email please ensure they are only .txt files any other file formats won't be accepted or read (mainly because my spam filter will delete them) :)