CVE assignment pending past 72-hour SLA for published advisory #200225
Replies: 8 comments 11 replies
-
|
I've been experiencing the same issue. It's has been like 108hrs since reported vulnerabilities CVE request sent to GitHub. I'll be following this discussion to see what is causing this issue |
Beta Was this translation helpful? Give feedback.
-
|
Same applied on my end I have the similar experience on some of my reports |
Beta Was this translation helpful? Give feedback.
-
|
Same. I was facing the same issues. Not only the CVE assignment delay issue, but also the CVE publish delay issue. So, it looks like a huge backlog for CVEs. I believe the backlog will impact the downstream users, the high risk to expose the downstream users without any notices. |
Beta Was this translation helpful? Give feedback.
-
|
@mgriffin any updates 😔 |
Beta Was this translation helpful? Give feedback.
-
|
@nicl4ssic @gemstone-source @blueandhack @mgriffin any updates from your side maybe anything worked out from your side, to me no updates |
Beta Was this translation helpful? Give feedback.
-
|
No any updates till now |
Beta Was this translation helpful? Give feedback.
-
|
No updates too |
Beta Was this translation helpful? Give feedback.
-
|
hello @nihaonihao045-maker
…On Tue, 30 Jun 2026 at 00:32, nihaonihao045-maker ***@***.***> wrote:
- 你好
—
Reply to this email directly, view it on GitHub
<#200225?email_source=notifications&email_token=AYOUUAPCXSR2A5CJWRHLM3T5CLOAXA5CNFSNUABIM5UWIORPF5TWS5BNNB2WEL2ENFZWG5LTONUW63SDN5WW2ZLOOQXTCNZUG43DOMRRUZZGKYLTN5XKM3LBNZ2WC3FFMV3GK3TUVRTG633UMVZF6Y3MNFRWW#discussioncomment-17476721>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AYOUUAOLA3QGWUOXZZ7OJOL5CLOAXAVCNFSNUABIKJSXA33TNF2G64TZHMZTAMJVG4ZTGNBUHNCGS43DOVZXG2LPNY5TCMBTGI2DSNJVUF3AE>
.
Triage notifications, keep track of coding agent tasks and review pull
requests on the go with GitHub Mobile for iOS
<https://github.com/notifications/mobile/ios/AYOUUAODKZFNDTOM4QOD6BL5CLOAXA5CNFSNUABIM5UWIORPF5TWS5BNNB2WEL2ENFZWG5LTONUW63SDN5WW2ZLOOQXTCNZUG43DOMRRUZZGKYLTN5XKM3LBNZ2WC3FFMV3GK3TUVJTG633UMVZF62LPOM>
and Android
<https://github.com/notifications/mobile/android/AYOUUAKPBJF54OGE5INUSS35CLOAXA5CNFSNUABIM5UWIORPF5TWS5BNNB2WEL2ENFZWG5LTONUW63SDN5WW2ZLOOQXTCNZUG43DOMRRUZZGKYLTN5XKM3LBNZ2WC3FFMV3GK3TUVZTG633UMVZF6YLOMRZG62LE>.
Download it today!
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***
com>
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Discussion Type
Question
Discussion Content
Hi everyone,
I'm reaching out to see if anyone else has been experiencing unusual delays with CVE ID assignments recently, or if there's a recommended way to unblock stalled requests.
Over the past few weeks I've been conducting vulnerability research and responsibly disclosing several issues. The maintainers have requested CVE IDs through GitHub's CNA, but the requests appear to be stalled.
These requests were submitted over four days ago, which is well beyond the typical 72-hour SLA. None of the advisories have received any updates, requests for additional information, or CVE assignments. Since the advisories are already public, we're hoping to have the corresponding CVE IDs assigned as soon as possible so downstream users and security tools can properly track the vulnerabilities.
I have a few questions for the community or any GitHub staff who may be able to help:
(I'm happy to provide direct links if needed.)
Any guidance or assistance would be greatly appreciated. Thank you!
Beta Was this translation helpful? Give feedback.
All reactions