Please report potential security vulnerabilities privately through GitHub:
https://github.com/PSeitz/lz4_flex/security/advisories/new
If you are unsure whether something represents a vulnerability, please report it privately nonetheless. We can then evaluate it together and decide how to handle the issue.