The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects.
This was already answered in the article: verify your security findings. Make a POC that actually exploits the vulnerability, then submit it with your report.