Check the top of the http://dar.linux.free.fr page for the branches that are released (green or turquoise color). Any release of these branches are supported for security vulnerability report.
Vulnerabilities should be reported by email to [email protected] or by openning a private issue at github https://github.com/Edrusb/DAR
You should get an acknoledgment at most a couple of days later.
Any security vulnerabilites will be handled with top priority. Care will be taken to protect users against the consequences of any security vulnerability, including the way to communicate about it.