Please DO NOT report vulnerabilities in a public GitHub issue or unencrypted email!
Please report any security issues you find to the project maintainers by submitting a report via our web form: https://stanforduniversity.qualtrics.com/jfe/form/SV_6W5wiPWpDiWsBTv.
We ask that you not reveal the vulnerability to anyone until we have fixed and publicly disclosed it. We are happy to give you credit on our README for reporting the bug once it is disclosed, but we do not offer bug bounties.