Security: lightgbm-org/LightGBM

SECURITY.md

Security

Reporting Security Issues

Warning

Do not report security vulnerabilities through public GitHub issues!

Instead, please open a private vulnerability report in this repository, on the "Security and quality" tab.

See https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/privately-reporting-a-security-vulnerability

Report Details

We prefer all communications to be in English.

Reports should include the following:

  • reproducible example showing how the vulnerability can be exploited
  • statement about the impact (including affected versions)

And we'd appreciate it if they also include:

  • statement about whether you are interested in implementing the fix yourself

Disclosure Policy

This project is staffed exclusively by volunteers. Please be patient and allow us time to respond before disclosing vulnerabilities.

We prefer to coordinate disclosure privately, and are committed to giving credit for confirmed vulnerabilities.
