Qiskit.org only supports the online version at a time, both for bug and security fixes, which covers https://*.qiskit.org/* and https://qiskit.org/*.
To report vulnerabilities, you can privately report a potential security issue via the Github security vulnerabilities feature. This can be done here:
https://github.com/Qiskit/qiskit.org/security/advisories
Please do not open a public issue about a potential security vulnerability.
You can find more details on the security vulnerability feature in the Github documentation here: