If you believe you've found a security vulnerability with a script in the scripts folder, submit a security advisory via GitHub.
Anything else is likely not applicable to PlusOnion. You should consider contacting these parties instead:
If you still think there's a problem, submit a security advisory anyway! The worst I can do is say no or redirect you elsewhere. I promise to be friendly.