You can report vulnerabilities as an Issue.
Make sure to tag it with vulnerability.
If we do not respond within a week to the Issue, please tell us on Discord: j0code#7360 / cfp#7174.
If it's a vulnerability in a library we depend on,
- either right away,
- or as soon as there is a fix available
If it's a vulnerability in our code, it might take us a bit longer until a fix is available. You might want to make a Pull Request instead. Making the report as precise and detailed as possible will also tremendously reduce the time for us to find the issue.
We will credit you in the Readme.