If you see a vulnerability with allstar, report it to the allstar repository.
If you see an issue with the configuration of allstar for the Leplusorg organization:
- you can report privately if required, by following Github's private disclosure mechanism
- you can report publicly by opening an pull request or filing a bug and an org maintainer will take a look