We monitored public changelogs of popular open-source projects to detect unreported security fixes. We found 600+ vulnerabilities, 25% high or critical, with most never being reported. We achieved this by using dual LLM models to monitor change logs and verify the result with our security engineers.
