Please report security issues privately by emailing:
Include:
- A clear description of the issue.
- Steps to reproduce, if available.
- Affected endpoint, SDK, or repository.
- Any relevant request IDs or timestamps.
Do not include live API keys, access tokens, or customer secrets in the report. If a secret was exposed, revoke or rotate it before sending the report.
Please do not open a public GitHub issue for vulnerabilities. We will coordinate disclosure after the issue is understood and a fix or mitigation is available.