If you're looking to report a security vulnerability, please go to the GitHub Security tab, and click on the "Report a vulnerability" button.

Unsoundness issues should be limited to that which is actually exploitable; theoretical soundness issues should be reported by opening a new issue, and is tracked with the label I-unsound.

Security issues inherent to Apple's frameworks should be reported to Apple Security Research.

Note that I'm working on objc2 in my free time, and am often without internet access. Security vulnerabilities will be highly prioritized, but expect delays for up to a week.