Please report security issues privately so we can address them before public disclosure.

• Use GitHub Security Advisories for this repository (preferred).
• Or email [email protected] with a clear subject line (e.g. [security] nexus).

Include steps to reproduce, affected versions or commits, and impact if known.

In scope: vulnerabilities in this repository’s code, workflows, and documented usage.

Out of scope: social engineering, denial-of-service against infrastructure you do not own, or issues in third-party services unless they stem from our integration code.

We aim to acknowledge valid reports within a few business days and coordinate disclosure after a fix is available.