If you believe that you have found a security vulnerability, please do not open a public issue.
Open a private Security Advisory in the affected repository and include enough detail for the issue to be reproduced and assessed:
- Affected repository, version, or commit
- Prerequisites or configuration required to reproduce
- Step-by-step reproduction details or proof of concept
- Expected vs. actual behavior
- Potential impact or severity
Do not disclose the issue publicly until it has been reviewed and resolved.