Hello, in other programming languages there are ways to track vulnerabilities of the packages that are used in one's source code. This is done via CVE lists.
Also in the case of LabVIEW, for example, cybersecurity vulnerabilities are published in such CVE lists, so that users can get notified and decide to patch it or not.
What we miss, in my opinion, is a similar tool for all the packages we install via VIPM. If those packages, as of today, are affected by vulnerabilities, there is no way to know (to my knowledge).
It would be useful if, for the packages accessible via VIPM, such a CVE list were generated and maintained. Any user would then track the packages he has installed and patch them as soon as a fix is released.