Report vulnerabilities to the repository maintainer via GitHub private vulnerability reporting or email. Expect an initial response within 7 days.