k2 security holes

10 years 2 months ago #130320 by Khashayar
k2 security holes was created by Khashayar
I think there are some security holes in the K2 extension. I work with K2 all the time, but in the last 3 months I faced 3 attacks, and when I checked I found out that one of them was comment spam from K2 comments and the other was a login without permission and created 2 users in K2 users.
I am interested in using K2, but these issues are not acceptable.
Can anybody guide me on how to avoid these attacks?
Thanks a lot.

10 years 2 months ago #130321 by Krikor Boghossian
Replied by Krikor Boghossian on topic Re: k2 security holes
There are no security issues in K2.
You have simply not configured your site correctly.

If you are having spam issues simply enable reCaptcha, Akismet or both.
If you do not need user registration (which is a Joomla! thing, not a K2 one), simply deactivate it.
If you do need your users to register, then enable captcha in the registration page as well.

JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

10 years 2 months ago #130322 by Khashayar
Replied by Khashayar on topic Re: k2 security holes
Thank you, dear Krikor, for your reply.
I would really like to know more about the issue you told me about. Can you please tell me how I can enable reCaptcha, Akismet or both?
And do you know how malware can get into the website without a user name and password and create some K2 users in the administration?
I would like to hear more from you about this issue, because this is my main problem these days.

10 years 2 months ago #130323 by Lefteris
Replied by Lefteris on topic Re: k2 security holes
@Khashayar

The antispam options of K2 can be found under K2 parameters. Regarding the item creation, you first need to check the K2 user group permissions for front-end editing. If you don't need it, disable it under K2 parameters. If you need it, set the K2 user group permissions properly. The only thing that is sure is that there is no way for someone with no username and password to add items, unless something really bad is happening on your server and the attackers have direct access to the database.

JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
