Do not open public GitHub issues for security vulnerabilities.
Send a private report with reproduction details, impact, and any suggested mitigation to the project maintainers through a private channel before public disclosure.

Please include:
- A clear description of the issue
- Affected components and versions
- Reproduction steps or a proof of concept
- Expected impact

We will review the report, confirm severity, and coordinate a fix and disclosure timeline.

Security reports are especially useful for:
- Authentication and authorization flaws
- Tenant isolation issues
- Secret handling and credential exposure
- Injection vulnerabilities
- Remote code execution paths
- Sensitive data leakage