The package currently only uses Python standard libraries (see the project TOML), and has no 3rd party dependencies. Therefore the only security / vulnerability alerts that are relevant relate to Python itself, which would be addressed within Python.
If 3rd party dependencies are added there may be security patches applied as and when needed.
The repository is enabled with a number of features to ensure security, including CodeQL analysis, Dependabot alerts and secrets scanning.
Any vulnerability that could potentially impact the installation or performance of the package, or the accuracy of its results in computations, should be reported privately via email to the maintainer: s.murthy@tutanota.com.