Use GitHub's private vulnerability reporting or reach out to the maintainers directly.
| Detail | Why |
|---|---|
| Description | What's broken |
| Steps to reproduce | So we can see it ourselves |
| Potential impact | How bad is it |
| Suggested fix | If you've got one, even better |
| Step | Timeframe |
|---|---|
| Acknowledgment | Within 48 hours |
| Initial assessment | Within 1 week |
| Fix or mitigation | ASAP, depending on severity |
Only the latest version on master is actively maintained.