Feel free to report a vulnerability as a GitHub issue only if the vulnerability you found does not compromise users' privacy or security.
If it does, then pay great care to responsible disclosure. Send an email to [email protected], preferably using PGP encryption: https://github.com/zkSNACKs/WalletWasabi/blob/master/PGP.txt