If you discover a security vulnerability, please refer to our bug bounty program for responsible disclosure:

https://github.com/swisscom/bugbounty