Contact anankke@pm.me or use Github Security Advisories feature to report a vulnerability, do not use issue tracker.