Page History
...
If this release includes fixes to any draft security advisories, make sure to request CVEs from GitHub as early as you can. As of 2022, GitHub's policies currently say they will respond within 3 working days. Since the announcement of the release requires the CVEs, you'll want to make sure that you have the CVEs assigned as early as reasonably possible.
(Keep in mind requesting CVEs does NOT make the security advisories public. They will not become public until you publish them. We recommend not publishing the security advisories until the release is already completed and the announcement is about to go out.)
...
Overview
Content Tools