Do not report "new" or "unknown" vulnerabilities in other projects to this project or in this repository.
So, if you find a vulnerability (or evidence of one) in a specific project other than this one, and that vulnerability is not already well-known publicly, please report the vulnerability to that project.
If you find a vulnerability (or evidence of one) in this specific project (e.g., its scripts), please do report such vulnerabilities to us.
We prefer that you use the GitHub mechanism for privately reporting a vulnerability. Under the main repository's security tab, in the left sidebar, under "Reporting", click Advisories, then click "Report a vulnerability" to open the advisory form.