The README file includes badges (Snyk, SonarCloud) that report on code quality and vulnerabilities.
You can send an e-mail to [email protected] about any vulnerability issues. The reporter is expected to state which rule (OWASP, etc.) is violated. If the vulnerability is accepted, it will be resolved as soon as possible.