Security Policy Report vulnerabilities by opening a security advisory on GitHub or emailing the maintainers. Please do not disclose publicly until a fix is available.