Thanks for helping keep this project safe.
Please do not open a public issue for a security vulnerability.
Report suspected vulnerabilities by opening a private security advisory on GitHub, or by contacting the maintainer through the public profile links. Include enough detail to reproduce the issue, including affected versions, environment, impact, and any relevant proof of concept.
The maintainer will review reports as time allows and may ask for additional details before confirming impact. Public disclosure should wait until a fix or mitigation is available.