I have potential security vulnerabilities I would like to disclose however I am unable to find any security.md or any way of reporting these responsibly.
There is a Responsible Disclosure Programme. You can find details and form here: Policy - Responsible Disclosure - Tyk API Management