Excerpt from Issue Management - Security Vulnerabilities

If you believe that there is a security vulnerability in PowerShell Core, it must be reported to secure@microsoft.com to allow for Coordinated Vulnerability Disclosure. Only file an issue, if secure@microsoft.com has confirmed filing an issue is appropriate.

When you have permission from secure@microsoft.com to file an issue here, please use the Bug Report template and state in the description that you are reporting the issue in coordination with secure@microsoft.com.