Please report security vulnerabilities via GitHub Security Advisories.

• 48 hours: Initial acknowledgment
• 7 days: Assessment and action plan
• 90 days: Target for fix and disclosure

For vulnerabilities in dependencies (e.g., pydantic), please report directly to those projects.