Please do not report security issues publicly - attackers might use such public information to exploit vulnerabilities before a fix can be developed and deployed.
Instead, please use private vulnerability reporting offered by GitHub for our repositories:
- navigate to the repository’s "Security and quality" section on GitHub,
- click on "Report a vulnerability" and
- follow the private vulnerability reporting flow.
Please include:
- a description of the issue
- affected versions, commits, or components
- reproduction steps or a proof of concept (as far as possible)
- impact and any suggested mitigation
We will:
- acknowledge reports promptly
- assess severity and impact
- work on a fix or mitigation
- coordinate disclosure responsibly
Response and remediation times may vary depending on report complexity, maintainer availability, and release timing.
Thank you for helping disclose vulnerabilities responsibly!