OfficeCLI reads and writes .docx, .xlsx, and .pptx files, which may come from untrusted sources. If you discover a security vulnerability, please report it privately — do not open a public issue.

Preferred channel: use GitHub's private vulnerability reporting on this repository (the Security → Report a vulnerability tab). This keeps the report confidential until a fix is available.

Please include:

• A description of the issue and its impact
• Steps to reproduce (a minimal sample file is ideal)
• The OfficeCLI version (officecli --version) and your OS

We aim to acknowledge reports within a reasonable timeframe and will coordinate a fix and disclosure with you.

Security fixes are applied to the latest released version. Please upgrade to the latest version before reporting.