If you find a significant vulnerability, or evidence of one, please report it privately.

Vulnerabilities should be reported using GitHub's mechanism for privately reporting a vulnerability. Navigate to the affected repository's Security tab and click "Report a vulnerability" to open the advisory form.

A member of this organization will triage the reported vulnerability and if the vulnerability is accepted a security advisory will be published and all further communication will be done via that security advisory.