Library and dependency packages with GitHub Security Advisories — parallel to Applications (which are vendor products)