Security

Report a vulnerability

.github/SECURITY.md

Security Policy

We want normal collaboration to happen in public, but security vulnerabilities are the exception.

Public issues are welcome for

bugs that are not security-sensitive
feature requests
documentation problems
general product or developer experience feedback

Do not use public issues or pull requests for

security vulnerabilities
exploit details
reports that would put users, infrastructure, or maintainers at risk if disclosed publicly before a fix is available

How to report a vulnerability

Please report security concerns privately so they can be reviewed and addressed responsibly.

For security reports, contact: security@example.com

When possible, include:

affected repository and version
impact summary
reproduction details
any suggested remediation or mitigation

We will review the report, validate it, and coordinate remediation before any public disclosure.

There aren’t any published security advisories