JonathanLEvans

@ReanimationXP, yes, @qix can request CVE IDs for these issues by creating a repo advisories for them and using the request a CVE ID feature.

Hi @Qix-, we will handle any conflicts on our end. If you [publish a repo advisory](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory) and [request a CVE ID](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory#requesting-a-cve-identification-number-optional), we will assign and publish the CVE. We will...

Thank you for bringing this to our attention! The version ranges in the advisories have been corrected. Please let us know if there are any more issues.

👋 @shivakumar-loginsoft, thank you for your contribution. Could you make a [pull request](https://github.com/advisories/GHSA-x8rq-rc7x-5fg5/improve) for this? Also, based on the huntr and hackerone reports, I believe you mean `@uppy/companion` instead of...

Hi @shivakumar-loginsoft, We updated GHSA-x8rq-rc7x-5fg5 to reflect the correct affected package. Thank you for your contribution!

👋 @keysmashes, Thank you for bringing this to our attention. GitHub is not the assigning CNA for CVE-2025-50817. To dispute the CVE, you need to contact MITRE (the assigning CNA)...