Please DO NOT report any security issues to public GitHub issue.
If you find a security vulnerability please kindly inform us about the problem immediately so that we can fix the security problem to protect a lot of users around the world as soon as possible.
Our email address for security report is below. This is a private mailing list and not open for public viewing. Please include your GitHub account when reporting a vulnerability to this email address if possible. Then we core team can invite you to private pull requests and reporters can join the code review.