Please do not open public issues for security reports.
Use one of these:
- GitHub private vulnerability reporting (preferred, if enabled), or
- Email: security@YOURDOMAIN (replace this)
Please include:
- What you found and where
- Steps to reproduce
- Potential impact
- A safe proof-of-concept (if possible)
We aim to acknowledge reports within 72 hours and provide a fix or mitigation plan as soon as possible.