If you believe you have found a security issue in Varden, please report it privately before public disclosure.
- Preferred: use GitHub private vulnerability reporting for this repository (available when the feature is enabled on the repo).
- If that is unavailable, open a draft security advisory from the repository Security tab, or contact the maintainer through a non-public channel linked from the GitHub profile of the repository owner.
- affected version or commit
- reproduction steps
- impact assessment
- suggested mitigation if known
Please avoid opening public issues for exploitable vulnerabilities until a fix is available.