Please do not open public issues for security-sensitive problems.
Instead, report them privately to the maintainer with:
- a short summary of the issue
- affected file or page
- impact description
- reproduction steps
- screenshots or proof of concept when helpful

The project aims to:
- acknowledge the report promptly
- reproduce and assess the issue
- decide whether the fix should be silent or public
- ship a correction in a reasonable timeframe

- exposed secrets or tokens
- unsafe external script usage
- download-link tampering
- XSS or injection risks
- privacy issues in tracking, metadata, or third-party embeds

- publishing exploit details before a fix is ready
- opening duplicate public issues for sensitive topics
- sharing private credentials in screenshots