If you believe you've found something in Django REST framework JSON:API which has security implications, please do not raise the issue in a public forum.

Send a description of the issue via email to rest-framework-jsonapi-security@googlegroups.com. The project maintainers will then work with you to resolve any issues where required, prior to any public disclosure.