Do not disclose security vulnerabilities on the GitHub issues page. Disclose them in private to Jonathan M. Wilbur [email protected] first. They will be publicized and you will be given credit for discovering them where credit is due once the vulnerabilities are fixed.