To report a security vulnerability in the project, please use GitHub's private vulnerability reporting.

You can expect a response within a few days, and hopefully a resolution within another few days, depending on the specific issue. This project is run in my free time, so everything is done on a best-attempt basis.