Please do not report security issues publicly - attackers might use such public information to exploit vulnerabilities before a fix can be developed and deployed.
Instead, please use private vulnerability reporting offered by GitHub for our repositories:

- navigate to the repository’s "Security and quality" section on GitHub,
- click on "Report a vulnerability" and
- follow the private vulnerability reporting flow.
Please include:
- a description of the issue
- affected versions, commits, or components
- reproduction steps or a proof of concept (as far as possible)
- impact and any suggested mitigation
We will:
- acknowledge reports promptly
- assess severity and impact
- work on a fix or mitigation
- coordinate disclosure responsibly
Response and remediation times may vary depending on report complexity, maintainer availability, and release timing.
Thank you for helping disclose vulnerabilities responsibly!
The Apache License does not apply to the logos, (including the A-SIT logo) and the project/module name(s), as these are the sole property of A-SIT/A-SIT Plus GmbH and may not be used in derivative works without explicit permission!