Please report vulnerabilities privately through GitHub's vulnerability reporting. If you are unsure whether an issue represents a vulnerability, report it privately nonetheless. We can then discuss it and decide whether to create a public bug report instead.