If you discover a security vulnerability in Exprify, please report it privately by opening a security advisory at:

https://github.com/code-hemu/exprify/security/advisories/new

You can expect an acknowledgment within 48 hours and a detailed response within 5 business days. If the vulnerability is accepted, a fix will be coordinated through a private release and published as a patch version. If declined, you will receive an explanation of why the issue does not constitute a security risk.

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.