We actively maintain security fixes for the latest release of deepgram-captions.
| Version | Supported |
|---|---|
| 1.x | Yes |
| < 1.0 | No |
The Deepgram team takes security issues seriously. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by email to:
Include as much of the following information as possible to help us better understand and resolve the issue:
- The type of issue (e.g., code injection, dependency confusion, path traversal)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
- You will receive an acknowledgement within 48 hours confirming receipt of your report.
- We will investigate the report and determine its severity and impact.
- We will work on a fix and coordinate a release timeline with you.
- Once the fix is released, we will publish a security advisory crediting you (unless you prefer to remain anonymous).
We aim to resolve critical issues within 7 days and will keep you informed throughout the process.
We ask that you:
- Give us reasonable time to investigate and fix the issue before disclosing it publicly.
- Avoid accessing, modifying, or deleting data that does not belong to you.
- Do not perform any attack that could harm the reliability or integrity of our services.
This security policy applies to the deepgram-captions Python package hosted at
https://github.com/deepgram/deepgram-python-captions.
For security issues related to Deepgram's hosted API services, please refer to the Deepgram Security Policy or contact security@deepgram.com.
We thank the security researchers and community members who help keep this project and the Deepgram ecosystem safe. Responsible disclosures will be credited in the relevant security advisory unless anonymity is requested.