Please do not report security vulnerabilities through public GitHub issues.
Please report vulnerabilities to this repository via GitHub security advisories instead.
How? Inside affected repository --> security tab
for contributor: --> Report a vulnerability
for committer: --> advisories --> New draft security advisory
In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/