Please report vulnerabilities privately to the maintainers before public disclosure.

• Do not open public issues for active vulnerabilities.
• Include reproduction steps and impact.