You can report vulnerabilities privately via the Issues tab and then select New Issue and Report a security vulnerability. For more information and how to fork und pull-request privately you find more information here: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability

You can also send an e-mail to security AT fritz DOT wtf. Please consider using GnuPG!

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZj0QSRYJKwYBBAHaRw8BAQdAuM8wbSKGp1zBm6lbn4shkm4Ka39Q8hF1CNXD 1hNaxae0Q3NlY3VyaXR5QGZyaXR6Lnd0ZiAoVXNlZCBmb3Igc2VjdXJpdHkgcmVw b3J0cykgPHNlY3VyaXR5QGZyaXR6Lnd0Zj6IkwQTFgoAOxYhBKBPN/9jSdjXguWv 0pxxPNpKVlwmBQJmPRBJAhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJ EJxxPNpKVlwmCo4BAIcuIGYJQFWtump1H9+DfzSKFR+2YxZLQVRQZvH1bz9xAP4o PvIX9W6bm2JtAyg5kOznhtuILuUC/ycpbW5qapxTDrg4BGY9EEkSCisGAQQBl1UB BQEBB0CXqLqCovD6iLgPzugcELc5YOhTrWdeSdNNuK3ooSCqBwMBCAeIeAQYFgoA IBYhBKBPN/9jSdjXguWv0pxxPNpKVlwmBQJmPRBJAhsMAAoJEJxxPNpKVlwmcH4B AP7K1kkEDK79MXS+9k0dsxWop1OLZVDacXh8smiMoJBLAQCbTGwefbzx/bkZrOoN U0bF3eG9LHta1NXL7XQXyhQ0CQ== =egKs

-----END PGP PUBLIC KEY BLOCK-----