To privately report a security vulnerability, please create a security advisory in the repository's Security tab.

Further details can be found in the GitHub documentation.