Please contact [email protected] as soon as possible to report the vulnerability. If this is a vulnerability that can be actively exploited please do not create a GitHub issue on the public repo for this at first.
If you receive no reply, please create an issue for the community to respond to without providing details of how the vulnerability can be exploited at first.
Unfortunately, Nouse doesn't offer a paid bug bounty programme.