Please do not report security vulnerabilities through public GitHub issues.
If you believe you have found a security vulnerability in OpenPGP.js, please report it via email to [email protected]. If possible, encrypt your message with our PGP key: it can be downloaded automatically using WKD, or manually on openpgpjs.org.
You should receive a response within 2 working days.