Please do not report security vulnerabilities through public GitHub issues.
If you believe you have found a security vulnerability, please report it via email to security@protonmail.com. If possible, please encrypt your message; e.g. by using ProtonMail, or by fetching our PGP key, which can be done automatically using WKD, or manually from protonmail.com.
You should receive a response within 2 working days.