Overview
- GitHub has published a record 1,560 reviewed advisories in a single month as incoming reports grew to many times the platform’s historical pace.
- Reports rose across every channel, with private vulnerability submissions, repository advisories and CVE requests all spiking and generating far more inbound items than curators can process.
- Since mid-April, many advisories that once cleared review in days now take multiple weeks, because a larger share require complex work such as identifying the correct package registry, reconstructing affected version ranges, or resolving conflicting upstream data.
- Despite the backlog, GitHub says reviewed advisories remain human‑validated and accurate, and its CVE assignment rate held at roughly 91–94 percent during the surge.
- To increase throughput, GitHub is expanding backend capacity, deploying automation and AI-assisted research tools, tightening triage to prioritize critical or well-documented reports, and urging researchers and maintainers to submit complete, coordinated advisories to reduce bottlenecks.