Please do not open a public GitHub Issue for security vulnerabilities.

Instead, report them via GitHub Security Advisories. This keeps the report private until a fix is ready.

Include as much detail as possible: what the vulnerability is, how to reproduce it, and its potential impact.