Security issues in any forgesworn repository should be reported via GitHub Security Advisories on the repository in question:
https://github.com/forgesworn/<repo>/security/advisories/new
Do not use public issue trackers for security reports.
You should receive an initial response within 72 hours. Confirmed issues will be prioritised over feature work and released as patch versions.
Individual repositories may define their own SECURITY.md with scope-specific detail (e.g. threat model links, supported version policies). This policy acts as the org-wide fallback.