The current version of Codemetrix will be checked with ShellCheck and a best effort in writing secure, rational Bash will be undertaken.
It's unclear to me if any user can add a security advisory report. If you can, do it! Else reach out if with a regular issue. Try to limit the amount of detail since the communication is public. I will then reach out so we can have a private conversation. Please prepare proof of the security vulnerability, and ideally a mitigation strategy.