Report security vulnerabilities via GitHub Security Advisories. Do not open public issues for security vulnerabilities.