Security reports should be raised as issues against the respective Practicalli repository, stating the details of the issue and tooling used to indentify the issue.
Repeatable issues will be resolved much faster than those that require manual investigation and testing.