To report vulnerabilities, you can privately report a potential security issue via the GitHub security vulnerabilities feature.
Please do not open a public issue about a potential security vulnerability.
You can find more details on the security vulnerability feature in the GitHub documentation here: