To report a Vulnerability, you must email [email protected] The subject line must start with "SECURITY:" Ideally, it will be looked at within a couple of hours. There should be an automated response given to you within that couple of hours, at worst a day. There may or may not be any further follow up.