If you see a vulnerability with allstar, report it to the allstar repository.

If you see an issue with the configuration of allstar for the Leplusorg organization:

1. you can report privately if required, by following Github's private disclosure mechanism
2. you can report publicly by opening an pull request or filing a bug and an org maintainer will take a look