Where to report security vulnerabilities?

  • I found two security vulnerabilities in the private server login flow, but I don't want to reveal the details publicly. One includes a piece of code that can be used to actively exploit it; the other is purely theoretical but goes against the Steam developer guidelines. Is there a way I can report them such that only the Screeps developers can view it?

  • When logged into the screeps world, Top left next to the Screeps logo there's a menu button.Half way down the menu is "Report a Problem"


    There is also an option to mark it Urgent if you feel its dire.