You can report a vulnerability through GitHub.

Your report will be acknowledged within 5 days and you will receive a more detailed response outlining the next steps in handling your submission.

Please include the information listed below to help better understand the nature and scope of the possible issue:

• Type of issue (e.g. SQL injection, data leakage, etc.)
• Full paths of the files related to the issue
• Step by step instructions to reproduce the issue
• Proof of concept or exploit code (if possible)
• Impact of the issue