In order for vulnerability reports to reach maintainers as soon as possible, the preferred method is to use the "Report a vulnerability" button under the "Security" tab of the associated GitHub project. This creates a private communication channel between the reporter and the maintainers.

If you cannot or prefer not to use GitHub's vulnerability reporting workflow, please reach out to the team by emailing [email protected].