Security fixes are applied to the latest version on the default branch.
Please report vulnerabilities privately first. Preferred path once the repository is published on GitHub:
- Use GitHub private vulnerability reporting (Security tab).
If private reporting is not available yet, open an issue with minimal detail and request a private channel for full reproduction details.
Include:
- affected files and functions
- reproduction steps
- impact and exploitation conditions
- suggested fix (if available)
If you are unsure whether something is security-relevant, report it anyway.
- Initial triage target: within 7 days
- Status updates: provided as work progresses
- Public disclosure: after a fix is available (or after coordinated timeline agreement)
This project is primarily documentation, examples, and helper utilities for PyTorch MPS kernels. Still, issues such as unsafe file handling, command execution hazards, or data exposure paths should be reported.