If you find something that can be treated as a security vulnerability, please do not use the issue tracker or discuss it in the public forum/channels, as it can cause more damage rather than give real help to the ecosystem.
Security vulnerabilities should be reported via https://web3.foundation/security-report/.