Please do not file security vulnerabilities as public GitHub issues.
Use GitHub's private vulnerability reporting instead. This sends the report directly to us, the maintainers, over a private channel that only we can see.
We will review and respond when we can.