If you discover a security vulnerability, please report it privately via GitHub Security Advisories or open a private issue.

Do not disclose vulnerabilities publicly before review.