The vulnerability was acknowledged and fixed in 1 day. If that's indicative of the type of response the project's authors have, color me impressed. Also, this post is for version 0.2. I ain't scurred for personal projects.
Author of that secvuln report here. It was fixed by the playground server being decommissioned. I do not know the exact timeframe of any fix that was made to that playground service. Pedantically, I guess the server being permanently decommissioned could count as a fix. However it does not bode well.