Vulnerability 1: this async search vulnerability is related to ELv2 Elastic licensed code; not OpenSearch. The async search API was licensed ALv2 but it was removed in PR#10, because the implementation is licensed ELv2.
Vulnerability 2: this Document and Field Level Security vulnerability is in licensed ELv2 code and was removed (along w/ HLRC) in OpenSearch in PR#16
Vulnerability 3: this Document and Field Level Security vulnerability is in licensed ELv2 code and was removed (along w/ HLRC) in OpenSearch in PR#16