If you find a significant vulnerability, or evidence of one, please report it privately.
Vulnerabilities should be reported using GitHub's mechanism for privately reporting a vulnerability. Navigate to the affected repository's Security tab and click "Report a vulnerability" to open the advisory form.
The reported vulnerability will be triaged. If it is accepted, a security advisory will be published, and all further communication will take place via that security advisory.