If you find a security vulnerability in our project, please report it so we can verify it.

On GitHub you can use the "Report a Vulnerability" button under the "Security" tab to create a private report. If the vulnerability has low impact it's fine to report it as a public issue instead.

Alternatively, email the main contributors directly or contact them via Discord if you prefer.

vgmstream uses a rolling release model, so only the latest (HEAD) releases are supported.

Tagged releases are published at semi-regular intervals based on the latest commits, and may be used as a reference.