For general bugs, submit a Bug Report issue from the repo's issues tab.
If you discover an issue that appears to be a threat to the security of the application or its users and should not be made public, you can report a vulnerability privately from the repo's issues or security tab. You will only need to fill out the title and description fields, but please provide as much information as you can.
Once submitted, you will have the option to start a private fork where you can collaborate on fixing the vulnerability.