Only the most recent version of pandoc is supported with security updates.

To report a vulnerability, email the maintainer, jgm@berkeley.edu. But first please read the section of the manual entitled A note on security, which describes some security guarantees pandoc does NOT make.