Do not open a public issue. Use GitHub Security Advisories instead:
Include: steps to reproduce, impact, and suggested fix if possible.
- Unauthorized API access
- Credential leaks
- Injection vulnerabilities
- NATS permission bypass
- Committed secrets
Give maintainers reasonable time to patch before going public.