GitHub has a mechanism for private disclosure of vulnerabilities to repository owners and authorized persons such as maintainers. This repository has this feature enabled.
See Privately Reporting a Security Vulnerability.
Go
to postcodeservice/postcode-magento2'
s Security page and click
on Report a vulnerability.
This will notify the owners and maintainers.
We are committed to addressing any security-related issues, provided your Magento version continues to receive support from Magento. If your Magento version is no longer supported, we strongly recommend instructing your development team or agency to update to the most recent version.