Please do not open a public GitHub issue for security vulnerabilities.

Instead, contact the maintainers privately with:

• a clear description of the issue
• affected versions or commits
• reproduction steps or a proof of concept
• any suggested mitigation if you have one

If the repository later adds a dedicated security contact address, this document should be updated to point to it.

• Give maintainers reasonable time to investigate and prepare a fix.
• Avoid sharing exploit details publicly until a fix or mitigation is available.