Security: preferred channel for private vulnerability disclosure? #313
Unanswered
StellarRequiem asked this question in Q&A
Replies: 0 comments
Hi — I'd like to report a security issue in fastapi_mcp privately (responsible disclosure), but I don't see GitHub's private vulnerability reporting enabled or a SECURITY.md.
Could you either enable Private vulnerability reporting (repo Settings → Security → "Private vulnerability reporting") so I can file a GitHub Security Advisory, or point me to a private security contact (e.g. a security@ address)?
Once there's a private channel I'll send full details — root cause, PoC, affected versions, and a suggested fix. Thanks!