Security vulnerabilities should not be reported as an issue on GitHub because anyone can see this issue and use it.
On the other hand, Security vulnerabilities should be reported as fast as possible.
Instead, they should be reported via the Report a vulnerability option on GitHub, on Keybase (to user dan1st) or on Discord (user dan1st#7327).
Private Messages on Discord are only allowed if the both users are member of a common server (Guild). In order to bypass that, you can join this Server.