Do not open a public issue or pull request for a suspected vulnerability.
Use the repository's Security tab and select Report a vulnerability to create a private GitHub security advisory. Include the affected route or component, reproduction steps, impact, and any suggested mitigation. Remove credentials, personal data, contact submissions, comment bodies, and production database records from the report.
The report will be acknowledged and assessed privately before any coordinated disclosure.
Only the code currently deployed from the main branch is supported.