Security advisories are published at: https://github.com/nim-lang/security/security/advisories?state=published
Security fixes are provided in new releases and in bugfix releases.
We do not backport security fixes to older releases.
(Yet, Linux distributions might backport security fixes for their packages.)
If you have discovered a vulnerability, please notify us about it via security@nim-lang.org in order to set up a meeting where we can discuss the next steps.
Please do not report vulnerabilities via GitHub issues.