Comment by xwall
OMG! I was getting similar GitHub notification emails, saying a vulnerability was detected in your repo, but never figured out they were fake before this news. Anyway, I never clicked because I'm a lazy programmer :). Once it's written, it's written. I do rewrite the code, but I don't find and fix bugs in my code. :D
The GitHub security alert digest[1] is a real thing. It's a feature of GitHub where they report security vulnerabilities in your project's dependencies. For example, if you use Python and you have specified the requests library in your requirements.txt, GitHub will send you emails about disclosed vulnerabilities in that library, urging you to upgrade to a higher version where it's fixed.
[1] https://docs.github.com/en/code-security/dependabot/dependab...