I take security vulnerabilities seriously. I appreciate your efforts to responsibly disclose your findings, and I will make every effort to acknowledge your contributions.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report suspected vulnerabilities, exposed credentials, or sensitive data by emailing the security contact at:
You may also use GitHub's private vulnerability reporting feature if it is enabled on the repository.
To help me triage your report quickly, please include as much of the following information as possible:
- The affected repository, file, workflow, or service.
- A clear description of the concern.
- Steps to reproduce or verify the issue, when safe to share.
- Any known exposure of credentials, private records, or sensitive data.
Maintainers will review reports, limit public disclosure while the issue is assessed, and coordinate a fix when needed.