Please do not file public issues on Github for security vulnerabilities. All security vulnerabilities should be reported to Circle privately, through Circle's Vulnerability Disclosure Program. Please read through the program policy before submitting a report.