Do not report security issues in public GitHub issues.

Use GitHub private vulnerability reporting for this repository:

• Open the repository Security tab.
• Start a private vulnerability report.
• Include the affected component(s), reproduction steps, impact, and any suggested mitigation.

If private reporting is unavailable in your GitHub session, use the public security contact issue template to request a private follow-up channel. Do not include exploit details, secrets, or proof-of-concept payloads in that issue.

• Initial acknowledgment target: within 3 business days
• Status updates: as fixes are triaged and prepared
• Public disclosure: after a fix is available or mitigation is documented

Security reports should focus on vulnerabilities in numereng and its directly shipped artifacts.