Please do not open a public issue for security problems.

Use a private GitHub Security Advisory if available, or contact the repository owner directly with:

• a short description,
• affected files or routes,
• reproduction steps,
• impact,
• and a suggested fix if you have one.

• The commit hash or version you tested.
• Whether the issue needs authentication.
• Request/response details if the issue is API-related.

Please allow time for a fix before public disclosure.