Please do not open a public GitHub issue for security vulnerabilities.

Instead:

• Send a private report to the maintainers (preferred), or
• If you cannot reach maintainers, open a draft advisory (GitHub Security Advisories).

Include:

• A description of the issue and impact
• Steps to reproduce
• Affected versions/commits (if known)
• Any mitigations or suggested fixes