Please report vulnerabilities through private channels (repository security advisory or maintainer contact). Do not publicly disclose exploitable details before a fix is released.