If there is a vulnerability in the code of this domain (e.g. in one of the javascript files or the html files) always make sure you are viewing the latest/newest version and if the vulnerability could also be found there.

Although not necessary a 'vulnerability', you may also report it if you think there is a way to make the website/domain more privacy friendly.

If there is vulnerability in the code or a weakness you can choose between ways to let me know your findings:

1. Use the template to report a bug and pick other in the menu below the question What kind of problem do you encounter? (if necessary you can also choose a bug);
2. Go to issues and fill in the form Report a security vulnerability

Descriptions that are to vague or to general will be closed and thus declined.
Normally, within two weeks you will get a response. This means that within two weeks you will get an updated on the reported vulnerability. I may ask you more details or to help with fixing the issue. If the vulnerability is not creating to much risk and/or a fix is not found easy, the vulnerability could also become declined. But as you never know if I will accept it or not, please always report it.