The OPAQUE protocol is still in the process of specification. Therefore, this implementation evolves with the draft. Only the latest version will be benefit from security fixes. Maintainers of projects using this implementation of OPAQUE are invited to update their dependency.
Vulnerabilities can be reported through Github issues, here: https://github.com/bytemare/opaque/security/advisories If the issue is sensitive enough that the reporter thinks the discussion needs more confidentiality, we can discuss options there (e.g. On a Security Advisory or per e-mail).