It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupalโs security advisory policy for details.
Be careful publicly disclosing security vulnerabilities! Use the โReport a security vulnerabilityโ link in the project pageโs sidebar. See how to report a security issue for details.
โก๏ธ Live updates comments, jobs, and issues, tagged with #Security will update issues and activities on this page.