Report security issues privately by opening a GitHub Security Advisory.

Do not open a public issue for security vulnerabilities.

Include a description of the issue, steps to reproduce, and any relevant environment details. I'll respond within a few days and work toward a fix for confirmed vulnerabilities.