At the moment, only the latest commit on the main branch will be supported for security vulnerabilities.

Please do not report security vulnerabilities through public GitHub issues.

If you found a security vulnerability in the current repository, please send a mail to Tim Andy. You should get a reply within 72 hours that we have received your report and a tentative CVSS score. We will do a preliminary analysis to confirm that the vulnerability is a plausible claim and decline the report otherwise.

If possible, please include:

1. reproducible steps on how to trigger the vulnerability.
2. a description on why you are convinced that it exists.
3. any information you may have on active exploitation of the vulnerability.