If you find a vulnerability in Red Hat's Component Registry, please report it privately to secalert@redhat.com.
In addition to the description of the vulnerability, if possible please include a short reproducer, a proposed severity rating (for example, see Red Hat's severity ratings), and other classifying metadata such as a CWE ID or a CVSS score.