Over the 15 years that MathJax has been in existence, two potential vulnerabilities have been identified, and those have been fixed.
There was a recent
issue tracker that links to a security report run by the Wikimedia Foundation that lists some minor issues that it found. A quick scan of these suggests that they don't represent an problem for users of MathJax (the settings in which these appear are not ones that pose a threat), but you can check through them for yourself.
If you are using MathJax in a situation where readers of your pages can enter mathematics processed by MathJax, then you might want to consider using the
safe extension, which limits some of MathJax's features that could be abused by users. The link describes the extension in more detail and lists the configuration options that allow you to customize what features are being limited.
Davide