Use GitHub Security Advisories to report vulnerabilities privately. This ensures the issue can be addressed before public disclosure.

Include:

• Description — What is the vulnerability?
• Impact — What could an attacker do?
• Steps to reproduce — How to trigger it