All non-archived repositories are supported; within them, the latest release and any later pre-release are supported.

As a general rule, vulnerabilities in dependencies are not considered, especially when they're ReDos vulnerabilities.

Please contact Mark Wubben by emailing mark@novemberborn.net.