Please report suspected vulnerabilities through GitHub private vulnerability reporting:

https://github.com/jturntdev/krypton/security/advisories/new

Do not open a public issue for a vulnerability report. Include the affected version, reproduction steps, expected impact, and any safe proof you can share.

Krypton is pre-1.0. Security fixes target the current main branch and the latest released tag.