Please do not report security vulnerabilities through public GitHub issues.

Instead, open a GitHub Security Advisory — this keeps the report private until a fix is available.

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact

We aim to respond within 5 business days.