ccpulse is a single-user CLI. A vulnerability typically means local-privilege misuse — keychain access, filesystem writes, or JSONL parsing.

Report vulnerabilities through GitHub's private advisory: https://github.com/martinciu/ccpulse/security/advisories/new

Do not file public issues for security reports.