Please open a security advisory or send a detailed mail to [email protected] to report security vulnerabilities. Even when unsure whether the bug in question is an exploitable vulnerability, it is recommended to use the above methods and not discuss the issue anywhere else.