To submit a Security Vulnerability, please use the https://foundryvtt.com/contact-us/ with the "Bug Report" inquiry category.
We will create an internal issue and / or Security Advisory to track and resolve the issue. Once the issue is resolved and a stable release which contains a fix has been released, we will disclose the issue to our user community and encourage them to update to that stable release version.
If desired, we will publicly credit you in our release notes for identifying the vulnerability.