I just [[T109331#1558739|learnt]] that phabricator is flooded with 11 (!) additional tags named Vuln-Something, which are only mentioned in https://www.mediawiki.org/wiki/Phabricator/Projects
I have no idea what's the use of such tags, but for sure they should be listed as subprojects of the main Security project, together with all the other subprojects. There is little gain in tracking security issues if they can't be found. https://phabricator.wikimedia.org/project/profile/30/