Such information is kind of sensitive to share publicly. So even if someone knows, it is better not broadcast on a forum. But given the right reasons and approach, Mendix will probably answer your question. Just drop them a mail on email@example.com stating this question and pass along your list of third party components that are in use at your application. I guess, all you need is a solid answer stating: ‘No, none of the third-party components in your application have been at risk.’ Hope you get it.
Thank you for your response. I definitely see your point. I’ll get in touch with the mendix support.