Please report security vulnerabilities to [email protected]. Thank you! Note that, unlike the GitHub CLI, hub is not an eligible target for the GitHub Bug Bounty program.