Currently, there are security vulnerabilities in the D3js version 3.4.1, is there any fix done in the newer versions. I don't see any documentation in the changelog related to the security vulnerability.

I am seeing 2 security vulnerabilities in D3.js 

1. Dynamic Code injection or execution: Where random code can be executed by the attacker in the front-end using the HTML input,

2. Race Condition: In a multi-threading system, threads need to execute concurrently in some order, but the attacker may exploit the order of execution and he may get access to some data.