This is where you'd put your project's security policy. Be sure to enable "Private vulnerability reporting" on GitHub within the "Code security and analysis" section of repository settings and update the below URL to your repository's (owner/name) slug.
Use this section to inform users about which versions of your project are currently being supported with security updates.
Vulnerabilities can be disclosed privately by creating a new security advisory. Maintainers will follow up with a fix and coordinate a release within the security advisory.