If you find a critical vulnerability in this project, we are grateful if you report it on a non-public channel so that we can fix it without inviting attacks.

You can send an email to the maintainer, using the maintainers first name and the domain advertised on the profile page.

Or you can use Github's Report Vulnerability function.

If you find a non-critical issue, just file an issue.