
Security: ghostvectoracademy/DLLHijackHunter

SECURITY.md

Security Policy

Supported Versions

Version          Supported
Latest release   Yes
Older releases   No

We only provide security patches for the latest release.

Reporting a Vulnerability

⚠️ Please do NOT open a public GitHub issue for security vulnerabilities.

If you discover a security vulnerability in DLLHijackHunter, please report it responsibly through GitHub Security Advisories:

  1. Go to the Security tab of this repository.

  2. Click "Report a vulnerability" and fill out the form with:

    • A description of the vulnerability
    • Steps to reproduce the issue
    • Potential impact assessment
    • Any suggested fixes (optional)

  3. Expected response time: We will acknowledge your report within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.

  4. Disclosure: We kindly ask that you give us reasonable time to address the issue before making it public. We will credit you in the fix release (unless you prefer to remain anonymous).

Scope

The following are in scope for security reports:

  • Vulnerabilities in DLLHijackHunter's own code
  • Canary DLL template issues that could cause unintended harm
  • Privilege escalation within the tool itself
  • Data leakage from scan reports

The following are out of scope:

  • DLL hijacking vulnerabilities found by the tool in third-party software (report those to the affected vendor)
  • Issues requiring physical access to the machine
  • Social engineering attacks

Responsible Use

DLLHijackHunter is a defensive security tool. It is designed to help security professionals identify and remediate DLL hijacking vulnerabilities. Use this tool only on systems you own or have explicit authorization to test.

Misuse of this tool for unauthorized access is illegal and strictly prohibited.
