If you find a leak of credentials, private state, private profile content, or personal data, do not open a public issue with the sensitive material. Report the problem through the repository owner's preferred private security contact or GitHub's private vulnerability reporting flow when enabled.