To report a security issue, please use g.co/vulnz.

We use g.co/vulnz for intake and do coordination and disclosure here on GitHub (including using GitHub Security Advisories).

The Google Security Team will respond within 5 working days of your report.