Please send an email to hi@pistasjis.net. Do not make a GitHub issue.
Your email needs to contain the following:
- How you found the vuln
- How to exploit the vuln
- What the vuln affects
- The severity
- And of course, what project that has a vuln and some extra contact information.
After the vulnerability gets fixed, a GitHub issue will be made for the vuln explaining everything above. If you don't want credit, let me know.