Two main ways of reporting a vulnerability to the KYVE Core Team exist.

You can contact us at security@kyve.network, which all code owners can access and check regularly. Tied to this email, you can find our public key that you can use to send us encrypted emails.

Additionally, you can go through GitHub's private vulnerability reporting system.