If you find a security vulnerability in Jupyter or JupyterHub, whether it is a failure of the security model described in Security Overview or a failure in implementation, please report it to security@ipython.org.
If you prefer to encrypt your security reports, you can use this PGP public key.
this PGP public key