In case of finding a vulnerabiity, please open an issue. If the vulnerability is related to Tone.js or any other library used, please contact the respective authors as well.