Common Vulnerabilities and Exposures (https://www.cve.org) IDs are a unique identifiers given to security flaws. The CVE FAQ described it best. CVE has be come a de facto standard for identifying vulnerabilities and security flaws.
A1. What is CVE? CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this "common enumeration."
oss-security has not been used for CVE assignment requests since 2017: https://www.openwall.com/lists/oss-security/2017/02/09/7
To request a CVE be assigned for open source software that's not covered by a specific CNA you can submit a request to either MITRE or the Red Hat open source CNA: