The creator of this project thinks it highly unlikely there will be any security vulnerabilities in the near future (he is nowhere near that advanced), but this is still included for compliance. Please report as described below.

• Method native to GitHub

  Go to the Security tab and click on "Report a vulnerability" in the upper right corner.

• Via email

  Send me an email. If possible, encrypt your message with PGP; the fingerprint is 836B3C7AA3DAC6337F61CD2D2A5943B64B0994DE, and the public key is shown below. You should always check it against the fingerprint first in case either was compromised.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEaaqzVBYJKwYBBAHaRw8BAQdAtJbeyQ/4Y1jcnodJifV3ay0Glnlf+37KXRI7
7EmdAzS0JkpvbmF0aGFuIER1bmcgPGpvbmF0aGFuZHVuZ0B5YWhvby5jb20+iLUE
ExYKAF0WIQSDazx6o9rGM39hzS0qWUO2SwmU3gUCaaqzVBsUgAAAAAAEAA5tYW51
MiwyLjUrMS4xMSwyLDECGwMFCYswO+wFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcC
F4AACgkQKllDtksJlN4CggEAhNGp66VgOJIUsD6hn+kX2UgbYnKVg7Nubw2ywztc
Y6cA/07V8UCIfu+aVvXLcfdclK6f+u8l90E+1y3HAn94Ib4NuDgEaaqzVBIKKwYB
BAGXVQEFAQEHQNFneq7FqNnzr7S3nFqowSKvH+C8lKRPRCnWCKWKR/NrAwEIB4ia
BBgWCgBCFiEEg2s8eqPaxjN/Yc0tKllDtksJlN4FAmmqs1QbFIAAAAAABAAObWFu
dTIsMi41KzEuMTEsMiwxAhsMBQmLMDvsAAoJECpZQ7ZLCZTeUssA+gOViN7xSKvA
gNDYS8Hnxzw0EU/5LtxolGz2OXzUNJEfAQCfuMAmgPCcoN0bnrDAwDK+aU90J4tS
O01JPuZoia5kAQ==
=QBAY
-----END PGP PUBLIC KEY BLOCK-----

The creator thanks you for your report in this unfortunate scenario. If you wish not to be acknowledged, please state that in the email. Please note that reporting such potential exploits, if they are to emerge, via public channels such as the issues tab is a sure-fire way to notify the attackers (if any), who may then adjust their strategy. Therefore, you should ensure the communication method chosen is not compromised according to the guidelines above.