Our CNA assigns CVE IDs for:

Vulnerabilities in active packages hosted on Hex.pm, and in active projects hosted under the GitHub organizations @elixir-lang, @erlang, @erlef-cna, @erlef, @gleam-lang, @hexpm, @nerves-hub, @nerves-project, and @OpenRiak unless covered by the scope of another CNA.