If you discover a security vulnerability in glossa-lab, please report it responsibly:

1. Do NOT open a public issue
2. Email the maintainers or use the repository's private vulnerability reporting feature
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

We will acknowledge receipt within 48 hours and aim to provide a fix within 7 days for critical issues.

This project uses automated security scanning in CI:

• pip-audit
• npm audit