Security updates are provided for the latest public FSP release only.
Renesas maintains a dedicated portal to handle security incidents. The security policy as well as reporting method is described here: https://www.renesas.com/support/renesas-psirt.
Security Advisories are published here: https://www.renesas.com/support/renesas-psirt#advisories
Security incidents in third party code must be reported to the specific vendor.
All known applicable security incidents are listed in GitHub Issues: https://github.com/renesas/fsp/issues?q=label%3Aproduct_security_advisory