You can report a security vulnerability through Discord or through email.

If you want to send an email, you can contact us at admin@civ13.com. If you want to contact us through Discord, you can join our server and then privately message any of the staff members.

Some of the security vulnerabilities might not be codebase-specific but rather related to the engine, so you might want to report it to the SS14 team instead/as well: check here

In either case, do not publicly disclose the vulnerability until we explicitly give you permission to do so.