To submit a vulnerability report, please create a security advisory via our dedicated GitHub page. Terms and Conditions, Scope and Rewards are documented in the bug bounty policy.