About
I looked at the repo GitHub - citizenfx/fivem: The source code for the Cfx.re modification frameworks, such as FiveM, RedM and LibertyM, as well as FXServer., and you don’t include a security policy.
anyways, just out of curiosity I did a scan with a tool called:
They have a free tier to scan code vulnerabilities for OS.
The scan for GitHub - citizenfx/fivem: The source code for the Cfx.re modification frameworks, such as FiveM, RedM and LibertyM, as well as FXServer. returned one critical vulnerability, and I wanted to address that 
Question
Where Do We Report Security Vulnerabilities?
PS: I’m not affiliated with Snyk, they have something cool for free that might help some of you…