To report security vulnerabilities, open a normal bug report in the
[calibre bug tracker](https://calibre-ebook.com/bugs) and mark it private.