Please report potential security vulnerabilities privately through GitHub:
https://github.com/PSeitz/lz4_flex/security/advisories/new

If you are unsure whether something represents a vulnerability, please report it privately nonetheless. We can then evaluate it together and decide how to handle the issue.