Please report security vulnerabilities to mislav@github.com. Thank you! Note that, unlike the GitHub CLI, hub is not an eligible target for the GitHub Bug Bounty program.