You can report a security vulnerability through Discord or through email.
If the vulnerability is related to the original game's code, you can contact Space Wizards Federation at telecommunications@spacestation14.com or through their Discord server.
If the vulnerability is related to this fork, contact us at deadspace14.contact@gmail.com or through our Discord server.
Do not publicly disclose the vulnerability until you receive permission to do so.