Wherever the app’s code is on. I usually go around finding the link in the store page or through the search engine. Most of the time, they end up on GitHub and GitLab, sometimes on Codeberg or other instance.
Paranoid section ahead: Don’t blindly trust the issues list, closed or open, because there are still ways to permanently delete those, hence giving bad actor a way to hide evidence of the on-going security problem.
Sending a tinsy-winsy appreciation to how you handle this dialog. Smooth. 🎩