Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, report suspected vulnerabilities privately to the repository owner through GitHub security reporting if enabled, or by opening a private security advisory/contacting the owner directly through GitHub.

When reporting a vulnerability, please include:

• a description of the issue
• affected repository or component
• steps to reproduce or validate the issue
• potential impact
• any suggested remediation, if known

Reports will be reviewed as quickly as possible. Valid reports will be investigated privately, and fixes will be coordinated before public disclosure when appropriate.

Please avoid sharing exploit details publicly until a fix or mitigation is available.