Security

SECURITY.md

Security Policy

Do not report vulnerabilities or sensitive information through public issues, pull requests, discussions, commits, or comments.

Do not submit:

credentials
exploit payloads against live systems
personal data
private logs
internal infrastructure maps
customer/vendor data
non-public operational material

Use a private channel controlled by the repository owner for sensitive reports.

There aren't any published security advisories