Please report suspected vulnerabilities privately to the repository maintainer.

Do not open a public issue for an unpatched security defect.