Please open a private security advisory on GitHub (Security → Advisories) or email the maintainers. Do not create public issues for sensitive reports.

• main branch and the latest release tag.

• Economic exploits (attacker ROI > 1 via parameter games)
• Circuit breaker bypass
• Export integrity issues (tampering with CSV / params snapshot)