You can privately report a potential security issue via the GitHub security advisory feature. This can be done here:

https://github.com/IBM/sonar-cryptography/security/advisories

Please do not open a public issue about a potential security vulnerability.

You can find more details on the security vulnerability feature in the GitHub documentation here:

https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability