Report security issues privately via GitHub Security Advisories when available. If unavailable, contact maintainers via repository metadata.

Do not publicly disclose vulnerabilities until a fix is released.