To report a security vulnerability to Neovim, use https://github.com/neovim/neovim/security/advisories/new