six cves in one open-source e-commerce project

how i reported six shopper cves spanning authorization bypass, privilege escalation, race conditions, idor, and xss