SerenityOS is a hobby operating system developed by volunteers. It is unreleased software still in early development, and so bugs and vulnerabilities can be safely disclosed publicly. If you find an issue, we would prefer if you report it as a GitHub issue. If your issue was found using a fuzzer, please check oss-fuzz first to see if it has already been recorded.
We run a modest Bug Bounty Program to reward people who find certain kinds of exploits in the system. See that link for details, and to claim your reward. :^)