The scores package is not intended to function as a security boundary, checker or gatekeeper on untrusted or malicious data inputs. It should not be passed user-generated data or be used directly in web applications.

Security issues themselves should not be raised as issues on the public tracker.

Instead, send an email to [email protected] and your concerns will be acted upon.