No Dependabot alert for CVE-2020-8184

I wondering why my repos haven’t gotten any Dependabot alerts (and automated security updates for CVE-2020-8184 found in rack:

Is it because the CVE isn’t in any of the sources GitHub uses? How is that possible when the issue even was found and fixed by GitHub Staff?

Also, dependabot-preview managed to pick up the security issue:

This is really confusing to me.

Hi dentarg,

I’ve just moved this question over to How to use Git and GitHub since I think you’re more likely to get the right :eyes: on it there.