This is a community maintained project, so there are no security guarantees unless they're sponsored.
However security fixes will be provided if there is availability and if the project is being maintained at the moment of the finding.
Please open a pull request discussing your findings and a potential fix.