Please do not open a public issue for security vulnerabilities.

Instead, use GitHub's private vulnerability reporting to report the issue confidentially.

We will acknowledge your report within 72 hours and work with you on a fix before any public disclosure.