macOS High Sierra 10.13.0 was released on 2017-09-25. Sierra (10.12 and El Capitan (10.11) were not patched on that day. So if you didn't upgrade to 10.13.0 _on the first day of its availability_, you were missing out on these security fixes: https://support.apple.com/de-de/HT208144

Apple only released patches for 10.12 and 10.11 along with 10.13.1, more than a month later (2017-10-31): https://support.apple.com/de-de/HT208221

The same pattern happened when 10.12.0 was released - older systems only started receiving security fixes on the day 10.12.1 was released.

So it is generally true that Apple keeps the three most recent versions of macOS secure, but there's always this awkward gap around September where they don't.