We open-source maintainers are not the only ones drowning in AI & security reports.

GitHub used to assign CVEs in 2–3 days. Now it takes two weeks. I had to play that game quite a few times lately - seems they have an issue too.

Did you know:
CVE IDs start at 4 digits with CVE-YYYY-NNNN - quite optimistic 😎 And now we're already past CVE-2026-52828 and it's only June.

Here is how I handle security issues for Kimai: https://www.kimai.org/documentation/security.html

Ideas for improvements are welcome.
