Please do not open public issues for security vulnerabilities.

Instead, report privately to repository maintainers with:

• vulnerability summary
• impact
• reproduction steps
• suggested remediation (if available)

• We will acknowledge receipt.
• We will reproduce and assess severity.
• We will ship a fix and publish coordinated notes when appropriate.

This app handles local credentials and session artifacts. Reports related to credential leakage, insecure storage, auth bypass, and unsafe logging are in scope.

Do not include real cookies/tokens in reports.