To report vulnerabilities, you can privately report a potential security issue via the Github security vulnerabilities feature. This can be done here:

https://github.com/Qiskit/qiskit-serverless/security/advisories

Please do not open a public issue about a potential security vulnerability.

You can find more details on the security vulnerability feature in this Github guide.