Only the latest release of Deluge is supported with security updates.
| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |
Do NOT open public issues for security vulnerabilities.
If you discover a security vulnerability in Deluge, please report it responsibly:
- Preferred: Use GitHub Security Advisories to create a private report.
- Alternative: Email the maintainers directly with details of the vulnerability.
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours of receipt
- Assessment: Within 7 days
- Fix & Disclosure: Within 90 days (coordinated responsible disclosure)
We follow a 90-day responsible disclosure timeline. If a fix is not released within 90 days, the reporter may disclose the vulnerability publicly.
Deluge is a parser and formatter for scan outputs. The following behaviors are features, not bugs:
- Parsing Nmap XML, stdout, and RustScan output formats
- Spawning Nmap processes in interactive mode (user-initiated with explicit flags)
- Exporting scan results to multiple file formats
- Displaying color-coded terminal output with service details
- Providing HackTricks enumeration guide links for discovered services
These capabilities exist by design for legitimate security testing workflows. Reports that simply describe Deluge working as intended will be closed.
Deluge is intended for authorized penetration testing, security research, and educational purposes only. Users are responsible for ensuring they have proper authorization before scanning any systems.