Please do not open a public GitHub issue for security vulnerabilities.

Report privately via email to the project maintainer (see repository contact).

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will respond within 72 hours.