Since warnings plugin only parses the input data and outputs some json files, it does not have a major security impact on your system. It could however with its execute-in-place option (command) hide a potential security breach. If that is the case, please report a vulnerability.
We currently support the latest version, but if requested we can backport a fix to older major versions on request. In practice there is no major effort in always updating the plugin to use the latest version.
Please report all vulnerabilities through the GitHub Issue Tracker. Make sure you include ways to replicate it and, if possible, propose a Pull Request with a potential fix.