If you have discovered a vulnerability inside the project, report it privately at <{{ security_email }}>. This way the maintainer can work on a proper fix without disclosing the problem to the public before it has been solved.