Please report vulnerabilities privately to the repository maintainer before public disclosure.

Tessera processes untrusted document archives. Security reports involving ZIP traversal, XML entity handling, decompression limits, LaTeX execution, or path handling are in scope.

Tessera does not perform telemetry or normal-operation network calls.