diff --git a/SECURITY.md b/SECURITY.md index 90102e191264..1f54183d68eb 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -16,4 +16,7 @@ You'll find more information about the key here: [KEYS](./KEYS) ## Reporting a Vulnerability -To report a security vulnerability, please send an email to security@junit.org. You can use the [published OpenPGP key](https://keys.openpgp.org/search?q=security%40junit.org) with fingerprint `0152DA30EABC7ABADCB09D10D9A6B1329D191D25` to encrypt the message body. +To report a security vulnerability, you have two options: + +- [Privately report a vulnerability](https://github.com/junit-team/junit5/security/advisories/new) on GitHub (see [docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) for details) +- Send an email to security@junit.org. You can use the [published OpenPGP key](https://keys.openpgp.org/search?q=security%40junit.org) with fingerprint `0152DA30EABC7ABADCB09D10D9A6B1329D191D25` to encrypt the message body.
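Review bot: In the second added bullet, the email option only says the key can be used "to encrypt the message body", which leaves two things unstated for a reporter: the subject line of an OpenPGP-encrypted mail is generally not encrypted, and the key fetched from the keys.openpgp.org search link should be checked against the fingerprint `0152DA30EABC7ABADCB09D10D9A6B1329D191D25` before use. Consider extending that bullet with something like "Verify the key's fingerprint before encrypting, and keep vulnerability details out of the subject line." Separately, the new lead-in "you have two options" gives no preference between the two channels; if the maintainers prefer GitHub private reporting (it is listed first), saying so would help reporters choose.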