You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I'm hoping to get some guidance on pending CVE assignments.
I'm the reporter/author on two published repository security advisories that
still have no CVE ID assigned, past the usual 72-hour review window:
GHSA-xm28-xvqc-gxxg (copernik-eu/copernik-xml-factory, XXE / CWE-611,
fixed in 0.1.2). Published ~a week ago; a CVE was requested ~a week ago
and again two days ago.
GHSA-526j-582w-7fm9 (python-social-auth/social-core). Published 2026-06-30,
same situation.
Could someone clarify whether these requests are still queued, were declined,
or need anything further — and the right next step to get them unstuck? As far
as I can tell neither project is covered by another CNA, so both should be
eligible. Happy to provide any details. Thanks very much.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hi, I'm hoping to get some guidance on pending CVE assignments.
I'm the reporter/author on two published repository security advisories that
still have no CVE ID assigned, past the usual 72-hour review window:
fixed in 0.1.2). Published ~a week ago; a CVE was requested ~a week ago
and again two days ago.
same situation.
Could someone clarify whether these requests are still queued, were declined,
or need anything further — and the right next step to get them unstuck? As far
as I can tell neither project is covered by another CNA, so both should be
eligible. Happy to provide any details. Thanks very much.
Beta Was this translation helpful? Give feedback.
All reactions