Please report found vulnerabilities privately at https://github.com/jonasbb/serde_with/security. GitHub provides details for submitting vulnerabilities using their system and has advice about writing a good advisory.
Provide as much information as possible while reporting, ideally including a proof-of-concept exploit.