They did say they already requested CVEs that way. I just asked some Github staff about the current situation, and apparently May was the highest volume month ever. So, there's a backlog they're trying to work through and catch up.
Someone also pointed me to this guide if you wanted to become a CNA yourself: https://sethmlarson.dev/security-developer-in-residence-weekly-report-17#becoming-a-cve-numbering-authority-as-an-open-source-project Hopefully the Github team will catch up soon and get back to their usual timeliness. - Sam On Wed, 2026-06-10 at 11:27 +0000, Marcus Meissner wrote: > Hi, > > I concur, if you use github, its easiest workflow wise to use the Github > Security Advisories and their CVE allocation ability. > > Ciao, Marcus > On Wed, Jun 10, 2026 at 05:36:03PM +0800, swing sze wrote: > > HI, > > > > https://github.com/openwrt/odhcpd/security > > > > Are you using the GitHub Security Advisor feature to submit CVEs? > > > > > > Hauke Mehrtens <[email protected]> 于2026年6月10日周三 16:59写道: > > > > > Hi, > > > > > > How to get a CVE number as a community driven open source project > > > (OpenWrt)? We do not have a security department or a big company backing > > > us. > > > > > > Multiple security problems were reported to OpenWrt in the last few > > > months. We want to assign CVE numbers to these problems, but have > > > problems requesting numbers. > > > > > > We contacted mitre in the past, but did not got a response within 2 > > > weeks. Using github security advisories worked fine 2 months ago, we got > > > a CVE number in some days. Currently this does not work any more, we are > > > already waiting for 1 week. > > > > > > How to get a CVE number? > > > > > > We (OpenWrt) are a community driven open source project and got multiple > > > reports from individuals and organizations like OpenAI. > > > > > > We requested multiple CVE Numbers on github for this project: > > > https://github.com/openwrt/odhcpd > > > > > > Hauke > > > >
signature.asc
Description: This is a digitally signed message part
