To report a vulnerability, do not open an issue. Email [email protected] directly.