Do not disclose suspected vulnerabilities publicly in issues, pull requests, or discussions.
If the target repository provides a private reporting path, use that path. If no dedicated private channel is documented, open a minimal public issue without exploit details and request a secure contact route.
- Affected repository
- Affected version, tag, or commit
- Vulnerability summary
- Impact assessment
- Reproduction conditions
- Proof of concept, if safe and necessary
- Suggested remediation, if available
Please allow reasonable time for triage and remediation before public disclosure.