If you want to report a security issue, please privately disclose the issue either via:

• The vim-security mailing list: [email protected]
  This is a private list, read only by the maintainers, but anybody can post.
• GitHub Security Advisories

Please don't publicly disclose the issue until it has been addressed by us.

• Clearly explain why the behaviour is a security issue, not just that a bug exists.
• Keep reports concise and focused.
• Do not flood us with a list of issues. Report them one by one to ensure to not overwhelm us with the work load.
• Do not submit AI-generated reports without carefully reviewing them first. Low-quality or speculative reports waste maintainer time and will be closed without action, and repeat offenders will be banned.