Please do not report vulnerabilities in public issues, pull requests, or discussions.
Use GitHub Security Advisories for private vulnerability disclosure:
If advisory submission is unavailable, contact the maintainer privately through GitHub:
- Acknowledgement target: within 72 hours
- Initial triage/update target: within 7 days
- Ongoing status updates: at least every 14 days until resolved