Do not open public issues for security vulnerabilities.

Report them privately by emailing umarawanuk@yahoo.co.uk with:

• A clear description of the issue
• Reproduction steps or a proof of concept
• Impact assessment if known
• Any suggested remediation

You can also use GitHub private vulnerability reporting if it is enabled for the repository.

• Valid reports will be acknowledged as soon as practical.
• Fix timing depends on severity, exploitability, and release risk.
• Please avoid public disclosure until a fix or mitigation is available.