Email jam.sw.org@gmail.com with the details. Please do not open a public issue for a security report.

Include the affected repository, a description of the issue, and steps to reproduce it. We aim to acknowledge a report within 72 hours and will keep you updated on the fix and the disclosure timeline.

Security fixes land on the latest released version of each project. Older versions are not maintained.