To report a vulnerability, please file it in the GitHub Security Advisory "Report a Vulnerability" tab, describing how the code is vulnerable, and how to reproduce (if possible - an example command line demonstrating the vulnerability).
As this is not my full time or day job, I may take several days to respond - please feel free to raise an Issue should you not get an initial response within one week.