Our full security policy and vulnerability reporting procedure is documented on this external website.
Please note that this is a general BBC process. Communication will not be direct with the team responsible for this repo.
If you would like to, you can also open an issue in this repo regarding your disclosure, but please never share any details of the vulnerability in the GitHub issue.