This is a personal project and is mostly creating images from existing Universal Blue/Fedora packages. If you've found an issue with something in one of these repositories you'd need to see if that package comes from Fedora, Universal Blue, or from a third party resource and report the issue there. The images build every day and automatically slipstream the changes from Univeral Blue/Fedora into the final image.

If the issue is with something you've found in Fedora then checkout this information from the CoreOS security.md:

If you've found a security issue that you'd like to disclose confidentially please contact Red Hat's Product Security team. Details at https://access.redhat.com/security/team/contact

Most repositories are licensed under the Apache License, Version 2.0. Some components may be licensed differently - consult individual repositories for more.