Please do not file public issues on Github for security vulnerabilities. All security vulnerabilities should be reported to Circle privately, through Circle's Bug Bounty Program. Please read through the program policy before submitting a report.