Since GitHub now have support for security advisories for each repository, this is where you'll find up-to-date reports and policies. You can always find more details on MITRE's CVE-program, and an overview on CVE Details.
Most prominently, Grav itself and the Admin-plugin are what every other extension builds on, therefore their advisories and policies are most important to follow:
Found errors? Think you can improve this documentation? Simply click the Edit link at the top of the page, and then the icon on Github to make your changes.
Powered by Grav + with by Trilby Media.