The FreeCAD project is a FOSS (Free and Open-Source Software) project that has a community of thousands of users and hundreds of developers worldwide. We encourage responsible reporting of security vulnerabilities that may affect users of this software, and will endeavor to address these vulnerabilities when they are discovered.
The LibPack is a collection of many subprojects. As such, subproject vulnerabilities are common, and we strive for frequent updates to the LibPack to ensure that self-compiling FreeCAD users have limited exposure to the vulnerabilities that arise.
To report a vulnerability use GitHub's security reporting tool: https://github.com/FreeCAD/FreeCAD-LibPack/security/advisories/new