Please do not open public issues for security vulnerabilities.

Use one of these channels:

1. GitHub Security Advisories (Security tab -> Report a vulnerability).
2. If private reporting is unavailable, contact the repository owner at https://github.com/An-3 and request a private disclosure path.

When reporting, include:

• Affected version/commit
• Reproduction steps
• Expected vs actual behavior
• Impact assessment
• Any proposed mitigation

You will receive an acknowledgement as soon as possible, and we will coordinate on disclosure timing after a fix is available.