Multiple reachable assertions
Two CVEs (CVE-2018-14044, CVE-2018-14045) were recently assigned for reachable assertions, the reproducers are available here:
Not sure if those folks reported it to you already, they didn't reply to me when asked. However, such assertions seem to be used all over the place and it should be easy to trigger other asserts as well. I don't think that's the correct use of assert in the code. How about throwing exceptions instead of asserts so the applications using this library have a chance to handle it somehow cleanly instead of aborting?
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information