You can report security bugs through the official WP Crontrol Vulnerability Disclosure Program on Patchstack. The Patchstack team helps validate, triage, and handle any security vulnerabilities.
Do not report security issues on GitHub or the WordPress.org support forums. Thank you.