Please do not open public issues for suspected vulnerabilities.
Use GitHub private vulnerability reporting from this repository's Security tab. If that is unavailable, email the maintainer listed on the repository profile with a short description and a way to contact you privately.
Include:
- affected version or commit
- steps to reproduce
- impact and any known exploit constraints
- whether the report can be shared publicly after a fix is available
We aim to acknowledge valid reports within 72 hours.