You can probably already create a repo and use GitHub as an oracle for security vulns. This seems like it'd be very beneficial to people for whom security is a second priority (so most developers).
EDIT: Although your concerns might apply to unconfirmed public PRs