Use GitHub security reporting. Your report will be promptly reviewed and addressed accordingly. If I have not enabled this for the repository, raise an issue for that, and I will get that done. Please do not submit security problems as GitHub issues.
Please adhere to responsible disclosure, which enhances security for the entire community.
I strongly recommend that users of my libraries use Scala Steward or something similar to automatically receive updates.