To report vulnerabilities, you can privately report a potential security issue via the Github security vulnerabilities feature. This can be done here:
https://github.com/Qiskit/qiskit-serverless/security/advisories
Please do not open a public issue about a potential security vulnerability.
You can find more details on the security vulnerability feature in this Github guide.