Their security page[0] (which I found by googling “How do I report a vulnerability to Stripe”) suggests “emailing” them at security@stripe.com

Email is short for “electronic mail”. You can read up on what it is here[1].

[0] https://stripe.com/docs/security/stripe [1] https://en.m.wikipedia.org/wiki/Email

From: https://stripe.com/docs/security/stripe

> If you believe you’ve discovered a bug in Stripe’s security, please get in touch at security@stripe.com (optionally using our general PGP key). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Stripe.