Hi, I concur, if you use github, its easiest workflow wise to use the Github Security Advisories and their CVE allocation ability.
Ciao, Marcus On Wed, Jun 10, 2026 at 05:36:03PM +0800, swing sze wrote: > HI, > > https://github.com/openwrt/odhcpd/security > > Are you using the GitHub Security Advisor feature to submit CVEs? > > > Hauke Mehrtens <[email protected]> 于2026年6月10日周三 16:59写道: > > > Hi, > > > > How to get a CVE number as a community driven open source project > > (OpenWrt)? We do not have a security department or a big company backing > > us. > > > > Multiple security problems were reported to OpenWrt in the last few > > months. We want to assign CVE numbers to these problems, but have > > problems requesting numbers. > > > > We contacted mitre in the past, but did not got a response within 2 > > weeks. Using github security advisories worked fine 2 months ago, we got > > a CVE number in some days. Currently this does not work any more, we are > > already waiting for 1 week. > > > > How to get a CVE number? > > > > We (OpenWrt) are a community driven open source project and got multiple > > reports from individuals and organizations like OpenAI. > > > > We requested multiple CVE Numbers on github for this project: > > https://github.com/openwrt/odhcpd > > > > Hauke > > -- Marcus Meissner (he/him), Distinguished Engineer / Senior Project Manager Security SUSE Software Solutions Germany GmbH, Frankenstrasse 146, 90461 Nuernberg, Germany GF: Jochen Jaser, Andrew McDonald, Werner Knoblich, HRB 36809, AG Nuernberg
