liftmath is pure-Python, stdlib-only, and does no network calls or file I/O beyond what pip does at install time. The attack surface here is small, but if you find something, please report it privately instead of opening a public issue.
Use GitHub's private vulnerability reporting for this repo: https://github.com/munzzyy/liftmath/security/advisories/new
Include what you found, how to reproduce it, and the impact you think it has. I'll acknowledge reports on a best-effort basis (solo maintainer) and credit you in the fix unless you'd rather stay anonymous.
Only the latest release gets fixes. There's no long-term-support branch at this stage of the project.