To report a vulnerability, please open a private vulnerability report at https://github.com/rollup/rollup/security.
While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Rollup and its official plugins to ensure your application remains as secure as possible.