You can submit any security issue or suspected vulnerability on the GitHub Security pages of the project. Please do NOT use public GitHub Issues for reporting vulnerabilities.
Unless documented explicitly, GradleUp projects are not a part of any security bug bounty program and, as of now, of any other program.
For confirmed issues, we will be happy to credit you in the public Security Advisory and on social media.