Cursorless is still pre-1.0, and users are expected to use the latest version, so security vulnerabilities are only patched on the latest version. If you would like security patches on an older version, please open a discussion.

Please use the GitHub private security vulnerability reporting system.