Security vulnerability found, but no defined security policy for this project

I have identified a security vulnerability on this project, but the project does not have a defined security policy. Could someone provide information about how to safely disclose the vulnerability?