We, the Werval community, takes security very seriously. We have a culture of defensive coding and build things with security in mind. However, it can happen that holes slip through. When we fix security vulnerabilities, we do it in the open.
Until this project reach 1.0 you can create a new issue describing your findings.
After 1.0 we will put vulnerability escrow in place.