Please report a Vulnerability with the built-in Github functionality in the Security tab : https://github.com/maestro-org/smart-contracts/security/advisories

More info here : https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability