Report vulnerabilities privately — not in public issues.
- Open a GitHub Security Advisory (preferred).
- If that is unavailable, use the org’s documented private channel.
Extended notes (scope, threat model, supported versions): docs/security.md
Report vulnerabilities privately — not in public issues.
Extended notes (scope, threat model, supported versions): docs/security.md