False positive for plugin vulnerability?

I’m one of the authors of the BuddyPress Docs plugin https://wordpress.org/plugins/buddypress-docs/ and I received a user report that Jetpack Protect is reporting that the latest version of the plugin has “a known security vulnerability”. Your AI support bot said that you use WP Scan’s vulnerability database, but I don’t see any public, pending vulnerabilities there. I haven’t received any private communication from your team, or from WP Scan, or from other reporters. Could someone on your team please have a look, and follow up privately if there’s a non-public vulnerability that for some reason has not been reported to me? Thanks in advance for your help.