You have two channels for this:

1. Using repository > Security > Report a vunerability. Make sure to fill in as much information as possible and enter your contact details so we can contact you to ask for more details.
2. Using the founders email: [email protected]