wRPC is currently pre-1.0.0 and security vulnerabilities, although unlikely, are possible. Post-1.0.0 release the last 2 major versions will be supported with security patches.

For reporting a security vulnerability please either use GitHub Security Advisory reporting or email rvolosatovs@riseup.net