If you find a significant vulnerability, or evidence of one, please report it privately.
We prefer that you use the GitHub mechanism for privately reporting a vulnerability. Under the main repository's security tab, in the left sidebar, under "Reporting", click "Advisories", click the "New draft security advisory" button to open the advisory form.
We will gladly give credit to anyone who reports a vulnerability so that we can fix it. If you want to remain anonymous or pseudonymous instead, please let us know that; we will gladly respect your wishes.
We gladly welcome patches to fix such vulnerabilities! See CONTRIBUTING.md for information about contributions.