Vulnerabilities discovered in pycryptoki can be reported on github.com/ThalesGroup/pycryptoki issue tracker.
Note that Pycryptoki is primarily a test tool, so it often allows you to use old or dated cryptography. This is not an explicit vulnerability.