Tying in with #1389, this will add a new section to the 'create new issue' and also be visible in the 'security' tab on GitHub It's been left intentionally generic.
@@ -0,0 +1,7 @@
+# Reporting a vulnerability
+
+If you have found any issues that might have security implications,
+please send a report privately to the email associated with the author
+of this repository.
+Do not report security reports publicly.
Jos Ahrens