The latest version will always contain all possible security fixes, as the NPM ecosystem does not allow version overrides in publishing. Therefor, if you want to stay secure, please use the latest version available.

Please open a GitHub issue for all kinds of detected vulnerabilities related to the JS SDK. If you found other issues related to the CMS, please use the issues of the main repository instead.