If you find a vulnerability, and you think that it would be better not to open a public issue just yet, then please write an e-mail to crates.io@k6i.[Germany].

I check my e-mail every workday Mon to Fri. You can expect an answer in very few days. More severe problems will get reported to https://rustsec.org/.