Any potential security vulnerabilities can be reported directly at security@storyblok.com. The Storyblok Team communicates privately and will work on resolving the issues depending on severity. At the moment there is no bug bounty program.
Thank you for disclosing your findings responsibly and helping to make Storyblok safe for everyone 🙏.