Only the most recent version of pandoc is supported with security updates.
To report a vulnerability, email the maintainer, [email protected]. But first please read the section of the manual entitled A note on security, which describes some security guarantees pandoc does NOT make.