The Inclusive Design Institute community has a closed-membership security working group who are available to respond to possible security issues, consisting of a small group of committers to IDI-related projects.
Any suspected security vulnerabilities can be reported privately by email to security@idrc.ocadu.ca. These messages will be forwarded to members of the security working group, who are responsible for working with contributors with relevant expertise and the reporter to address the issue in a timely manner.