qsv has a very rapid release tempo, with at least one release/week. It has a built-in self-update engine that makes it very convenient to upgrade to the latest version. As such, only the latest release will have security updates.
If you've found a vulnerability, please create an issue in GitHub.
However, if a vulnerability is severe and could lead to zero-day exploits, please send an email to [email protected] instead.
The vulnerability report will be addressed within one business day. A mitigation/workaround, if available, will be included in the next release and mentioned in the changelog, with zero-day mitigations only being mentioned only when it's been fully fixed.