Most security risks can come from dependent libraries that have to be updated by Dependabot. If any issues found with the code itself - please feel free to submit pull request.
In case if a vulnerability is found, please open an issue with a detailed explanation of the vulnerability.