This is a SaaS product, so the current version is supported.
Please raise a security advisory through GitHub.