Please do not open a public issue for security vulnerabilities.

Instead, report them privately via GitHub's security advisory feature.

You can expect an acknowledgement within 48 hours and a fix or mitigation plan within 7 days for confirmed issues.