  1. eZ Publish / Platform
  2. EZP-32330

Add a GitHub default security policy


Details

    • Type: Task
    • Resolution: Done
    • Priority: Medium

    Description

      In GitHub repos, if you add a SECURITY.md file to the repo, it will be displayed in the security section of the repo.
      E.g. in: https://github.com/ezsystems/ezplatform/security/policy 
      More info: https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository

      Doing this for all repos, and maintaining supported versions in all of them as suggested, is not worth the trouble. But we can set up default files that apply to all repos that don't have such files. This is not just about security; we can also add CONTRIBUTING, SUPPORT, and others. This involves creating a public repo called ".github", and populating it with the right files. If we do this for both ezsystems and ibexa, we're covered.
      See: https://docs.github.com/en/github/building-a-strong-community/creating-a-default-community-health-file

      The security file should not contain much stuff that has to be kept up to date; it should rather refer to these resources:
      https://www.ibexa.co/software-information/security
      https://doc.ibexa.co/en/latest/guide/reporting_issues/
      https://developers.ibexa.co/security-advisories
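
An added example, not part of the original issue or of Ibexa's code: a small audit helper that reports, for each repository in an organization, whether its security policy comes from the repository itself or from the default in the ".github" repo. The file listings and the repo names `repo-a`, `repo-b` and `repo-c` are constructed; the search locations and their precedence follow GitHub's community health file documentation and are an assumption here.

```python
from typing import Optional

# Locations GitHub checks for a community health file, highest precedence
# first (assumption taken from GitHub's documentation, not from this issue).
SEARCH_DIRS = (".github/", "", "docs/")


def find_policy(paths, name="SECURITY.md") -> Optional[str]:
    """Return the path of the health file a repo would display, or None."""
    present = set(paths)
    for directory in SEARCH_DIRS:
        if directory + name in present:
            return directory + name
    return None


def resolve(org_repos, name="SECURITY.md"):
    """Map each repo to (source, path); source is 'own', 'default' or 'none'."""
    # Assumption: the default file may sit in any of the same three
    # locations inside the organization's ".github" repository.
    default = find_policy(org_repos.get(".github", []), name)
    result = {}
    for repo, paths in org_repos.items():
        if repo == ".github":
            continue
        own = find_policy(paths, name)
        if own:
            # A repo-level file always wins, even if it has gone stale.
            result[repo] = ("own", own)
        elif default:
            result[repo] = ("default", ".github:" + default)
        else:
            result[repo] = ("none", None)
    return result


# Constructed listings; every repo name except ".github" is hypothetical.
SAMPLE_ORG = {
    ".github": ["SECURITY.md", "CONTRIBUTING.md", "SUPPORT.md"],
    "repo-a": ["README.md", "composer.json"],
    "repo-b": ["README.md", "docs/SECURITY.md"],
    "repo-c": ["SECURITY.md", ".github/SECURITY.md"],
}

if __name__ == "__main__":
    for repo, (source, path) in sorted(resolve(SAMPLE_ORG).items()):
        print(f"{repo:10} {source:8} {path}")
```

Repos reported as `own` are the ones to review by hand, since their file overrides the default and has to be kept up to date separately.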

          People

            Assignee: Unassigned
            Reporter: Gunnstein Lye (gunnstein.lye@ibexa.co)