Mintlayer runs a responsible disclosure program for security issues, as such all security issues should be reported to security@mintlayer.org or enrico@mintlayer.org or samer.afach@mintlayer.org.
If you disclose a valid security issue then you may be eligible for a bounty paid in ML see the details here.
It's best to err on the side of caution, if you find something you think is security related but not eligible for the bounty or something you're not 100% sure about then let us know on the above email addresses anyway as we treat each report on a report by report basis so you may still be paid a bounty.
GPG keys for Enrico and Sam can be found here for Enrico and here for Sam.
Security issues may not be publicly announced until Mintlayer agrees.