If you believe you have found a security vulnerability, please make every effort to report it to the appropriate maintainers responsibly so that it can be fixed discreetly (also known as "embargo").
When the issue relates to a specific image, please make an effort to (privately) contact the maintainers of that specific image. Some maintainers publish/maintain a SECRUITY.md in their GitHub repository, for example, which can be a great place to find information about how to report an issue appropriately.
For issues related to anything maintained under @docker-library on GitHub or associated infrastructure, please send an email to [email protected].
Image maintainers should also be aware of the "Security Releases" section of the maintainer documentation for pre-notifying the project maintainers of upcoming security-related releases.