To report vulnerabilities either submit a private report using the Report a vulnerability button on the Security page or publicly by opening an issue on the Issues page. Both options require you to have a GitHub account.