Security updates are implemented in the last release of the software.
So, in case a CVE is published reporting a vulnerability, the corrective action is updating the software to the last available update, or update to the first version reported as immune to the vulnerability either by the CVE report or by PeaZip's change log https://peazip.github.io/changelog.html
In case it is needed to backport a vulnerability correction to an older version, sources and instructions are available at https://peazip.github.io/peazip-sources.html , older version's sources are available at https://github.com/peazip/PeaZip/releases/ (as peazip-X.Y.Z.src.zip packages), and further support is available at https://peazip.github.io/peazip-more.html
To report a vulnerability, please read https://peazip.github.io/peazip-more.html fo the CVE list, link to the Issue Tracker, and for contacting the developer.
It is recommende to periodically browse a public CVE database like https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=peazip in order to stay informed about the current and past vulnerabilities of the application.