Report security vulnerabilities privately via GitHub Security Advisory. Do NOT create public issues for security vulnerabilities.