requested to merge adbcurate/packagist_kevinpapst_kimai2_CVE_2021_4033_yml into master
identifier should be the CVE id when it exists.
description must not contain an overview of the package, fixed versions, affected versions, solution or links. It leverages the Markdown syntax.
date is the date on which the advisory was made public (or updated).
urls must contain URLs specific to the vulnerability, not URLs generic to the package itself.
not_impacted lists old versions that are not impacted, if any, the fixed versions.
solution tells how to remediate the vulnerability.
title is a short description. It does not contain the package name.