To report a vulnerability, please email hello@encoredigitalgroup.com. Make sure your subject line is "Security Vulnerability Report". In your message, please be sure to include the affected versions of the package so that we can investigate.