Vulnerabilities discovered in pycryptoki can be reported on github.com/ThalesGroup/pycryptoki issue tracker.

Note that Pycryptoki is primarily a test tool, so it often allows you to use old or dated cryptography. This is not an explicit vulnerability.