I don't think this can be called a vulnerability issue, because basically this API endpoint only contains public data that can be accessed by everyone. There is only a GET method, where the public will only consume public data, cannot create, delete or modify.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I don't think this can be called a vulnerability issue, because basically this API endpoint only contains public data that can be accessed by everyone. There is only a GET method, where the public will only consume public data, cannot create, delete or modify.