Vulnerabilities are tracked by the Eclipse security team, in cooperation with the SWTChart project lead. Fixing vulnerabilities is taken care of by the SWTChart project committers, with assistance and guidance of the security team.
We recommend that in case of suspected vulnerabilities you do not use the SWTChart public issue tracker, but instead contact the Eclipse Security Team directly via security@eclipse.org.