Report vulnerabilities to the package owner/maintainer directly not to me.

Message should follow their specific guidlines, being in general, concise, containing enough detail and the effect of the discovered vulnerability if used maliciously.