Depends on the software, what it does, known vulnerabilities (in the software itself but also underlying libraries etc).
Since it is likely intercepting DNS and blocking known ad domains, it could be vulnerable to exploits which rely on malicious encoding in DNS records etc