Please use the security issue form to report to us any security issue you find in the Yii2-Oauth2-Server.
DO NOT use the issue tracker or discuss it in public as it will cause more damage than help.

Please note that as a non-commercial OpenSource project we are not able to pay bounties.