Please report any vulnerabilities found using the Security tab/page per repository, then choosing Report a Vulnerability