For sensitive vulnerabilities, you can reach out to me personally at pajbot@pajlada.com. I check this email daily.

For non-sensitive vulnerabilities, feel free to open a GitHub issue. Response time here may be delayed as I only check this in the weekends.