Morphic is pre-alpha research software. If you discover a security vulnerability:
- Do NOT open a public issue.
- Email the maintainer directly or use GitHub's private vulnerability reporting.
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Impact assessment
  - Suggested fix (if any)

Security concerns for Morphic include:

| Area | Concern |
|---|---|
| Code generation | Generated code must not contain injection vulnerabilities |
| LLM integration | Prompt injection through crafted specs |
| SMT solver | Z3 solver crashes or resource exhaustion |
| Parser | DoS via malformed .morph files |
| IR | Infinite recursion in synthesis engine |

| Version | Supported |
|---|---|
| v0.1.x (pre-alpha) | ⚠ Best effort |

We appreciate responsible disclosure. Contributors who report valid security issues will be acknowledged (with permission).