Please report suspected vulnerabilities through GitHub private vulnerability reporting. Do not open a public issue or discussion for a vulnerability.
Include the affected component, the conditions needed to reproduce the issue, its likely impact, and a minimal reproduction when practical. Remove tokens, credentials, private repository contents, and other sensitive data before submitting the report.
The maintainers will review the report and coordinate any fix and disclosure with the reporter through the private advisory. Please allow time for that process before publishing details.
For setup help, feature requests, and non-sensitive bugs, use the repository's public issue tracker instead.