Please report vulnerabilities privately to maintainers before public disclosure.

• Preferred contact: repository security advisory or private maintainer contact.
• Include reproduction steps and impact.
• You will receive an acknowledgement and triage response.