If you have any reason to believe that there are security vulnerabilities across any repository in the organisation, please report to core@catppuccin.com.
We will aim to respond as quickly as possible, but note that the above mailbox is not monitored 24/7. If the report is confirmed to be true, we will make the necessary changes required to fix the issue. We will deploy a patch as soon as possible depending on the type of port and complexity of the issue.