It's important to us that the Carbon Language provides a secure implementation. Thank you for taking the time to report vulnerabilities.
The Carbon Language is still an experimental project, so please be careful if using it in security-sensitive environments.
Please use https://github.com/carbon-language/carbon-lang/security/advisories/new to report security vulnerabilities.
We use GitHub's vulnerability reporting for intake. We will respond to reports within two weeks. For valid issues we will coordinate and disclose on GitHub.
If you haven't received a response, a couple steps to take are (in order):