What type of issues are not considered as security issues?
TYPO3 admin requires the highest privilege in TYPO3 context. TYPO3 admins don't need to exploit vulnerabilities to do harm on an installation. Therefore, we consider issues only exploitable by TYPO3 admins as regular bugs, that will be handled in public.
TYPO3 Install Tool
The TYPO3 Install Tool is only accessible by TYPO3 admin users with system maintainer privileges. Like for TYPO3 admin users, potential issues in the TYPO3 Install Tool are considered as bugs, that will be handled in public.
Enumerating usernames or email addresses in TYPO3 Extensions are not considered as a security vulnerability. For details see TYPO3-PSA-2019-002.
If you are unsure if the issue you want to report is a security vulnerability or not, please send us your report anyway.