Note that it is known that users can publically create new entries in installations.json.

Vulnerabilities should ideally be reported by directly messaging one of the TGS maintainers on Discord. Maintainers can be found in the #coderbus guild in the #hosting-questions channel. Please be sure to provide reproduction steps.

Here is a list of their discord IDs.

@Cyberboss - dominion (<@133295178197893120>)

Once reported, they will handle the processing of the security advisory.