[Schema Inaccuracy] Repository Vulnerability Alert's webhook create action missing lots of fields for Organization, Repository, and Sender

[sdwilsh]

Schema Inaccuracy

Repository only seems to contain id, node_id, name, full_name, private, owner (also missing a bunch of things), html_url, description, fork, and default_branch. The other actions provide many more things.
Organization only seems to contain login, id, node_id, url, avatar_url, and description. Compared to other events, it's missing repos_url, events_url, hooks_url, issues_url, members_url, and public_members_url.
Sender only seems to contain login, id, node_id, avatar_url, type, and site_admin. Compared to other events, it's missing gravatar_id, url, html_url, followers_url, following_url, gists_url, starred_url, subscriptions_url, organizations_url, repos_url, events_url, received_events_url, and user_view_type.

Expected

The spec has definitions for these, but it's not sent. Either the spec needs to be updated or what sends needs to be updated; I don't really care which.

Reproduction Steps

I can get webhook payload examples if needed, but unlike REST API, this is a bit harder to reproduce at will.