If you find a security vulnerability you can open an issue to the affected project.

Be sure to mark the issue with a [Security vulnerability] tag in the title so that it's urgency can be fully understood.

If you already have a solution you can follow the Contributing guidelines to open a PR.