We are so thankful for developers and users for reporting any security vulnerabilities or concerns that they have!
Please note that this report will remain with only the maintainers of the project and anyone else who is required to evaluate/fix the issue. In case you have any other kind of issue to report, kindly open an issue in the appropriate repository for the same.
To make the report, you may follow the steps we have mentioned in ORAS's security policy.