Thank you for helping keep this project secure. Please follow the guidance below to report security vulnerabilities.
Reporting
- Preferred: use GitHub Security Advisories for private disclosure.
- If you cannot use GitHub, send an email to security@your-domain.example (replace with a monitored address).
What to include
- Affected versions
- Steps to reproduce or PoC
- Impact and attack surface
- Any suggested mitigations
Response
- We will acknowledge receipt within 3 business days and work with you to coordinate disclosure.
Notes
- Do not include exploit code in public issue trackers. Use private channels or GitHub Security Advisories.