If the issue is related to a public alert from OWASP/GitHub/Dependabot/CVE/etc and does not already have an open issue, feel free to open a new issue. Otherwise, please report any security vulnerability or other security-related incident or sensitive subject to us via private vulnerability disclosure through GitHub or, if that fails, via email.
Thank you for your contribution!