To report a security issue, please use https://stirlinglabs.com/vulnerability/ We use https://stirlinglabs.com/vulnerability/ for our intake, and do coordination and disclosure here on GitHub (including using GitHub Security Advisory).