Google removed our app from Google Play because
it uses software that contains security vulnerabilities and violates our Malicious Behavior policy.
So they ask us to:
Fix all of the security vulnerabilities listed in your Play Console that have past deadlines
However, this is a Cordova app that merely opens a certain url. So how would I know what exactly is considered a security vulnerability?
Open google play console and you should see an "alerts" item in the left sidebar that will tell you what the problem is. In my case I had an app using an old version of jQuery, so I needed to update that and check for any reversions