The problem with open source projects often isn’t people finding exploits, but exploits being introduced by others on accident or on purpose.
I would be more worried about those being added in closed source projects.
Take the xz incident, having the code people were able to reverse engineer what was going on.
But on the CrowdStrike incident, while people engineered why it crashed the machines, this could have been someone adding a exploit in a jiatan way to exploit it later.
Many places you commit what you need, check what you need, but if someone had added some xz jiatan level thing... who would know? how long it would go unoticed?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I would be more worried about those being added in closed source projects.
Take the xz incident, having the code people were able to reverse engineer what was going on.
But on the CrowdStrike incident, while people engineered why it crashed the machines, this could have been someone adding a exploit in a jiatan way to exploit it later.
Many places you commit what you need, check what you need, but if someone had added some xz jiatan level thing... who would know? how long it would go unoticed?