Please do not open a public GitHub issue for security vulnerabilities.
Use GitHub's private vulnerability reporting to submit a report confidentially:
Include as much of the following as possible:
- Description of the vulnerability and its potential impact
- Steps to reproduce
- Affected version (visible in the report header or via
python3 security_agent.py --version) - Any suggested fix or mitigation
You can expect an initial response within 5 business days. We aim to release a fix and coordinate disclosure within 90 days of receiving a valid report.