If you have found a possible vulnerability, please do not open a public issue.

Instead, use GitHub's private vulnerability reporting to submit your findings.

While we sincerely appreciate and encourage reports of suspected security problems, Kagan does not currently run any bug bounty programs.

Critical vulnerabilities will be disclosed via GitHub's security advisory system.