Do not open a public issue for security-sensitive reports.

Use GitHub Security Advisories for this repository so the report can be handled privately.

If the issue is urgent and you cannot access Security Advisories, contact the repository owner through a private channel before publishing details publicly.