Do not report a security issue directly in the public GitHub Issues, since someone may take advantage of it before the fix. Send an email to [email protected] instead.