Please report security vulnerabilities privately to the repository maintainer via GitHub's Security Advisories page.

Do not open a public issue for security vulnerabilities.

• The subprocess isolation between CPython and JVM
• MessagePack protocol serialization/deserialization
• Build plugin behavior (Python installation, package management)

• Vulnerabilities in CPython itself — report those to the Python Security team
• Vulnerabilities in third-party Python packages (numpy, scipy, etc.)