This is an external fork. Do not report anything anywhere until you know where it is coming from. Test the issue against the official go implementation and if you can reproduce it there, report to them. See below. If it is directly affecting this fork, open an issue here.
We support the past two Go releases (for example, Go 1.17.x and Go 1.18.x when Go 1.18.x is the latest stable release).
See https://go.dev/wiki/Go-Release-Cycle and in particular the Release Maintenance part of that page.
See https://go.dev/security/policy for how to report a vulnerability.