Since I don't expect any big vulnerability in the Cyrkensia code itself but rather it's dependencies, any issue can be reported in GitHub's issue tab. Pull Request (e.g. by Dependabot) will be accepted immediately when it's fixing a big security vulnerability in a dependency.
Despite it, only the current Minor version with it's Patch versions is supported, like 1.0.* (e.g. 1.0.0, 1.0.1, 1.0.2, ...).