Please do not report security vulnerabilities through public GitHub issues. Instead, please report them to the Github Security Reporting Tool which you can read about Here. You should recieve as soon as somebody triages and analyzes the issue.