Please do not open public issues for security vulnerabilities.

Use one of these private channels:

1. GitHub private vulnerability reporting (Security Advisories), if enabled for this repository.
2. Directly contact the repository maintainers through private GitHub channels.

Include:

• affected component(s)
• reproduction steps or proof of concept
• impact assessment
• suggested remediation, if known

• We will acknowledge reports as quickly as possible.
• We will investigate, prioritize, and patch based on impact and exploitability.
• We will coordinate disclosure timing with reporters when appropriate.

Security fixes target currently supported lytx releases according to core/docs/release-policy.md.