Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

@Robinyo - it looks like we never got the two reports to you. Sorry about that!

You can find both of them here:
https://huntr.dev/bounties/3e92744b-8aaa-4700-8749-0bc758fe2328/
https://huntr.dev/bounties/615da062-2915-4d61-bf76-23f34a3ca6b6/

They are both private and only accessible to you once you have signed up :) If you would prefer not to sign-up, I can provide you with magic URLs that will allow you to view the contents of both reports.

Let me know what works for you 👍