If you think that you have found a security issue in the bundle, don't use the bug tracker and don't publish it publicly. Instead, please report via email to me@christianscheb.de.
See the "Version Guidance" section in README.md.
There are no known security issues in version 5 or above.