Please report security vulnerabilities through GitHub Security Advisories.

For detailed security information, see our Security Policy.

Do not report security vulnerabilities through public GitHub issues.

• Acknowledgment: Within 24 hours
• Initial Assessment: Within 72 hours
• Regular Updates: Every 7 days during investigation
• Resolution: Target 30 days for critical issues

• Vulnerability type and affected component
• Impact assessment and severity
• Detailed reproduction steps
• Proof of concept if applicable
• Suggested fix if available

We take all security reports seriously and will work with you to resolve any issues promptly.