Before reporting any vulnerability, make sure that it is caused by this project (i.e., this is not a vulnarability of the bridge itself). To report a vulnerabilitiy, you can send me an email (s@sxn.dev). My PGP public key is available here.