If the security vulnerability is relevant to all SS14 servers, please communicate it to the mainline SS14 development team:
Through email, you can contact them at telecommunications@spacestation14.com.
Through Discord, you can join their server and then privately message anyone with the @Wizard or @SS14 Maintainer role.
If the security vulnerability is purely relevant to Boomerstation, please contact a maintainer on Github or contact us on our Discord Server
In either case, do not publicly disclose the vulnerability until we explicitly give you permission to do so. This gives time to update and patch the vulnerability before bad actors can exploit it.