Security Policy Report security issues privately by opening a private advisory or contacting the maintainer directly. Do not file public issues for vulnerabilities.