Please do not open public issues for vulnerabilities. Send a concise report to the repository owner through the private GitHub security advisory flow.

Include affected versions, reproduction steps, impact, and any proposed fix. Never include credentials, personal financial data, private datasets, or other secrets in an issue, commit, benchmark artifact, or model checkpoint.