In addition to the other answers saying "no don't do this" (which I 100% agree with), I will also suggest a more diplomatic route (this might be tricky and might not work in all situations), because sometimes (but not always) it's worth the effort:

Assuming that these discoveries were not a part of a formal test plan on a test matrix, give the person who's "begging" you the chance to make it right on their own. You could tell them that you won't be formally reporting the issues until $someDate (that could be after or immediately before their vacation, depending on when dates are and how long they are away and how far away that date is) though if he'd like to report the issue before that, then he can and you won't raise it. At the same time, I'd also suggest sending a message to your supervisor/team lead saying you have found some potential problems but you want a bit more time for testing and you will send a detailed report when ready.

This strategy gives the developer a chance to save some face and report them at a time that might not ruin their plans (and if they've made long-term plans to visit family in a far-away land, it would suck to have those plans ruined, but that's also not really your problem - it's a problem the Developer needs to sort out with management) and also relieves you from the problem of keeping secrets. If the Developer doesn't report by $someDate , you send in your report. If they do report, at least you still get credit for having discovered it first.

I don't know the true nature of these problems. If you feel that these vulnerabilities are currently exploitable by any random attackers and you can demonstrate a proof-of-concept of this (on a TEST machine, not production, without getting in trouble) then you should report it immediately, or make the Developer report it immediately (with your test data as proof - don't let him take your credit).

Think how much trouble you'd be in if it is discovered that you had knowledge about the issue and said nothing.