The interesting part seems to be that the bugs were disclosed in april and there still is no fix in sight, but there is no word from the maintainer about the situation. Also no info on how realistic an attack would be.
Original title is "GHSL-2023-112, GHSL-2023-102, GHSL-2023-103, GHSL-2023-092: Buffer Overflows in Notepad++ - CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166", but whether you eliminate the GHSLs or CVEs, it's too long to submit, hence the cut down title.