Are other OS maintainers being spammed with Security Vulnerabilities?

Question

I'm being hit with small, nitpick security vulnerabilities, like being able to IDOR profile images for other users on a self-hosted software.Then the submitters are spamming me to release a vulnerability, despite me messaging stating the next release will trigger the release (there are no release dates for my product, but usually every 3 months).It's becoming overwhelming. What practices are other maintainers putting in place?

Guestmodinfo · Accepted Answer

Is it possible to let AI analyze your messages and only show you the ones which don't contain certain keywords like "i will release vulnerability".

mmarian · Answer

I don't have any big open source projects, but why not just ignore them?

dubyabee2 · Answer

Yes. It is across most categories of software and services.