Please report security vulnerabilities privately, not via public issues.
Use GitHub's private vulnerability reporting: open the affected repository's Security tab and click "Report a vulnerability". We will acknowledge the report and work with you on a fix and coordinated disclosure.
Do not open a public issue or pull request for security problems.