To report a security vulnerability, please Open a draft security advisory so we can coordinate the fix and disclosure.