Any vulnerabilities on the dev branch or prod which correspond to https://staging.cubeartisan.net/ and https://cubeartisan.net/ should be reported privately according to this document

Please email all vulnerabilties found to [email protected] and they should get logged as security advisories in github within a few days. You'll be given access to the security advisory to allow further discussion of the issue and to let you know we received it. If you do not get added you can message Devon Richards on Discord at ruler501#5217