Vulnerabilities in Corda can be reported by following the Corda responsible disclosure policy:

https://www.corda.net/participate/security.html

Security announcements affecting Corda will be published on the Corda mailing list. People can subscribe to [email protected] to receive security updates when they are made available.

Security updates are made for the latest version of Corda.