If you have any reason to believe that there are security vulnerabilities across any repository in the organisation, please report to core@catppuccin.com.
We will respond within 2 - 3 business days. If the report is confirmed to be true, we will make the necessary changes required to fix the issue. We will deploy a patch as soon as possible depending on the type of port and complexity of the issue.