You should be familiar with this tiring email notification from GitHub. If you have tons of repositories on GitHub like me, you will receive tons of these emails virtually every day, and this can be annoying as most time, the vulnerabilities come from installed packages, which might get updated daily.
Full article