Currently, some advisories seem published without looping in project maintainers.

This is problematic because an advisory submitted by a third party may contain misunderstanding and may result in sending false alerts to users.
In the worst case, an advisory may also contain malicious suggestion that will rather decrease the security.

I'd suggest GitHub to make some attempt to loop in project maintainers before publishing advisories.
This will be also beneficial to reduce zero-day attacks.