Splunk does not advise about vulnerabilities in add-ons, to my knowledge. It's possible to get a notification when a new version of an app is available from from Splunkbase, but that's about it.
--- If this reply helps you, Karma would be appreciated.