KemonoDownloader is actively maintained, and security updates are provided for the latest release (currently v3.0.0 and above). We recommend using the most recent version to ensure you have the latest security fixes.

If you discover a security vulnerability in KemonoDownloader, we encourage responsible disclosure to protect our users. We take security seriously and appreciate your help in keeping the project safe.

• Preferred Method: Email the maintainers at [email protected] with a detailed description of the vulnerability. Please include:
  • A clear explanation of the issue (e.g., potential data leak, injection vulnerability).
  • Steps to reproduce the issue, if known.
  • The potential impact (e.g., unauthorized access, data exposure).
  • Any suggested mitigations, if applicable.
• Alternative: Use the Security Report issue template on our Issues page. However, we strongly recommend private reporting via email to avoid public disclosure before a fix is available.
• Sensitive Matters: For highly sensitive issues, you may open a private issue labeled "Security Violation" on the Issues page, visible only to maintainers.

• Acknowledgment: We will acknowledge your report within 48 hours.
• Investigation: We will investigate and validate the issue within 7 days, prioritizing critical vulnerabilities.
• Resolution: If confirmed, we will develop and release a fix as soon as possible, typically within 14 days for critical issues. We will keep you updated on progress.
• Disclosure: We will coordinate with you on public disclosure after a fix is deployed, if necessary.
• Credit: With your permission, we will credit you in release notes or a security advisory for your responsible disclosure.

• Responsible Disclosure: Do not publicly share details of the vulnerability until we have addressed it.
• No Exploitation: Avoid exploiting vulnerabilities in ways that harm users, creators, or the project (e.g., unauthorized data access or disruption).
• Ethical Use: Respect the intellectual property rights of creators and adhere to the terms of service of Kemono.su and related platforms (e.g., Patreon, Pixiv Fanbox), as outlined in our README.
• Follow Community Standards: Adhere to our Contributing Guidelines and Code of Conduct. Do not include unverified links or promotional content in reports, as they will be considered spam and may lead to restrictions.

To use KemonoDownloader securely:

• Always use the latest version (check Releases).
• Keep your Python environment (3.9+) and dependencies (requirements.txt) up to date.
• Run KemonoDownloader in a secure environment, avoiding untrusted networks or exposed credentials.
• Comply with the ethical use guidelines in our README to respect creators’ rights and avoid legal risks.

For security-related questions or follow-ups, email [email protected] or open a private issue labeled "Security Violation."

Thank you for helping keep KemonoDownloader and its community safe!