How do i report security bugs in Pimcore?

I cant seem to find a contact mail for disclosure and probably it is not a good idea to create a github issue for it … also only affects v4 in special conditions

thx … would be a good idea to link this on pimcore website

it is on github: