I only support the latest version of the app for all Nextcloud versions that still have official support.

You may use GitHub to report security vulnerabilities unless you feel that it is not easily fixable and would affect many users. In this case, please email me directly using olav at seyfarth dot de. There is an OpenPGP key available for this address at https://keys.openpgp.org/ that you may use.

Since I am doing this as a hobby project, I cannot provide any bounty for reporting, sorry.