Create an issue and add the label "security" to report a vulnerability. Since this is right now maintained in free time, it might take a while. Providing a detailed description or a pull request with the fix are the best ways to support and speed up the process.

The free version of snyk.io is used to track security issues.

type-alias contains the main module with the java annotation processing based file generator. Any security issue within this module will be fixed with priority.

Every other module is more or less an example on how to use the main module. They are not meant to be used directly. Issues there will only be fixed ocasionally.