Yes, you need to check security issues reported for packages and then take a decision. What is the alternative?