From Miraheze Meta, Miraheze's central coordination wiki

While Miraheze takes the security of their servers and data very seriously, we cannot guarantee a 100% security leak free MediaWiki environment.

Report a security flaw

If you think you have found a flaw in/on any Miraheze site, server, MediaWiki extension or anything that is ran on a Miraheze server, please email with as many details as possible. Do not discuss the flaw publicly. Depending on the affected service, it might be necessary to email - if you are in doubt who to email, contact us; we'll forward your email to Wikimedia if needed.

As an alternative to email, you may login or create an account on our Phorge with MediaWiki, GitHub, or a Phorge-specific account and then proceed to open a security related task using this form which hides it from the public view and adds the Security project so our team is notified of the task.