The security fix info is intentionally non-detailed. Sites upgrade at different speeds, while we want to share that there was a security fix, we don’t want to provide detail to allow malicious actors to easily exploit it. The security fix is the commit message, so you can always look at our GitHub repo for security commits to see the code changes if you like.
We do not make our HackerOne reports public. While we previously allowed hackers to request disclosure of their reports, due to abuse received after doing so on multiple occasions we discontinued that.