You can report a security vulnerability through Discord or through email.

If you want to send an email, you can contact WizDen telecommunications@spacestation14.com. If you want to contact WizDen through Discord, you can join their server and then privately message anyone with the @Wizard or @SS14 Maintainer role.

In either case, do not publicly disclose the vulnerability until they explicitly give you permission to do so.