Security vulnerabilities should be reported via an email to noosfero-security@listas.softwarelivre.org, which ia a private mailing list. Reported problems will be published after fixes are available.
The members of the mailing list are people who provide Noosfero (Noosfero committers, mainly).