Our CNA assigns CVE IDs for:

Vulnerabilities in active packages hosted on Hex.pm, and in active projects hosted under the GitHub organizations @elixir-lang, @erlang, @erlef-cna, @erlef, @gleam-lang, and @hexpm, unless covered by the scope of another CNA.