If you discover a security vulnerability in ghx, please report it responsibly.

Preferred method: Open a GitHub Security Advisory (private by default).

Alternative: Email the maintainer with details. Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will acknowledge receipt within 48 hours and provide an initial assessment. We aim to address critical issues as quickly as possible.

• We will not disclose the issue publicly until a fix is available or a mutually agreed timeline has passed.
• We will credit you in the advisory (unless you prefer to remain anonymous).
• We follow a coordinated disclosure process aligned with GitHub's guidance.