Please report vulnerabilities via GitHub Security Advisories.

• Do not open public issues for suspected security problems.
• Use the "Report a vulnerability" feature on the GitHub repository.
• Provide a clear description and, if possible, minimal reproduction steps.

The maintainers (@rismay) will review and respond according to severity.