Do not submit an issue or pull request: this might reveal the vulnerability.

Instead, you should use the GitHub Security Advisory "Report a Vulnerability" tab, or you can email the maintainer directly at: cezelot@proton.me.