Please do not report security vulnerabilities through public GitHub issues.

Please report vulnerabilities to this repository via GitHub security advisories instead.

How? Inside affected repository --> security tab --> advisories --> New draft security advisory

In severe cases, you can also report a found vulnerability here: https://www.eclipse.org/security/