@unknwon

Hi, thanks for your passion and careness here! While we wouldn't be able to review your security report and confirm the triage during our last batch of work, the report sequence is honored when we request CVEs from GitHub when we get to it. Meanwhile, if you have means to request CVEs out-of-band, you're welcome to do so as some of the GHSAs we have published did, and in that case, we will simply attach the CVE number directly to GHSA (if deemed to publish one in the first place).

You should also feel free to send pull requests at any time, and we will review at our earliest convenience.

Please be patient as no one is paid to work on this project, and everyone has their life.

Hi @unknwon, thanks for the reply.
I've just opened a github issue as public reference for the MITRE org, but in my opinion and experience requesting a CVE trough github advisory is way faster.

Please be patient as no one is paid to work on this project, and everyone has their life..
I strongly agree with you, I didn't mean to be rude/hasty/hurried in any way. Sorry is this is the message that passed.