The GitHub Security Lab has reached a milestone of disclosing over 500 CVEs to open-source projects, highlighting the ongoing need for security research in the open-source community. The Lab, which grew out of GitHub's acquisition of Semmle, uses tools such as CodeQL to identify security vulnerabilities efficiently and works with project maintainers to resolve them, reporting a fix rate of 96% for the issues it has disclosed. Notable vulnerabilities it has found include issues in Apache Struts, Apple's ICMP code, the Corona Warn App Server, and the Log4j library, among others. The Lab emphasizes a maintainers-first approach, offering flexible disclosure timelines and support for resolving issues. As it continues to improve its tools and methodologies, the Lab aims to reduce vulnerabilities through education and collaboration, and urges the community to adopt security practices such as code scanning and private vulnerability reporting to strengthen open-source software security.