Make an issue as "bug report" and include all the details you need to make us fix the vulnerabilty.
Use the "Security" label for better results.
After that, we will read your report and mark it as "declined" or "accepted."
If your issue hasn't been resolved, reach us here.