Please do not open a public issue for security vulnerabilities.

Contact: Use GitHub's private vulnerability advisory or email the maintainer via guidobatan.com.

We will acknowledge receipt within 48 hours and provide a resolution timeline within 7 days of triage.

• Source code in src/nsr_engine/
• Model fetching scripts in scripts/
• Contract integrity mechanism (src/nsr_engine/contract/)

• Vulnerabilities in upstream ONNX weights or InsightFace models
• Issues requiring physical access to the machine