Project: Sportify API
Maintainer: TRABY CASPER · CASPER TECH
Contact: xcasper.space

| Version | Supported |
|---|---|
| 1.x (current) | ✅ Active |

If you discover a security vulnerability in Sportify API, please do not open a public GitHub issue. Instead, report it responsibly using one of the following methods:
- GitHub Private Advisory — Open a Security Advisory on this repository
- Direct contact — Reach out via xcasper.space
Please include:
- A clear description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix if available

| Stage | Timeframe |
|---|---|
| Acknowledgement | Within 48 hours |
| Initial assessment | Within 5 days |
| Fix or mitigation | Within 14 days (depending on severity) |
| Public disclosure | After fix is deployed |

In scope:
- Authentication or token exposure vulnerabilities
- Server-side injection issues
- Denial of service vulnerabilities
- Information disclosure issues

Out of scope:
- Vulnerabilities in Spotify's own platform
- Issues related to data accuracy or availability
- Rate limiting bypass (this API intentionally has no rate limits)

We appreciate responsible disclosure and will acknowledge your contribution in the release notes if you agree. We do not currently offer a bug bounty programme, but we sincerely value the security community's efforts.

© 2025 CASPER TECH · TRABY CASPER