serpapi-search-rust is using hyper as client which use the same security policy as the Tokio project.

The current project does not add any security hole in the stack. The security issues related HTTP client can be addressed with the Tokio project. This includes private reporting via security@tokio.rs.

Security issues related to the JSON parsing are handle by the project: serde. see: https://github.com/serde-rs