
CVEs usually link to the SCM issue/pull request where the conversation and reproduction take place. We've been finding and patching vulnerabilities for decades without the need for dedicated websites to inform folks, so that reason for these sites needing to exist doesn't make any sense.


On CVE I see a fact-oriented bug tracker style database of CVE issues with a schmorgus board link/reference barf on each CVE page, but on the OP site I see a really well presented (with videos, faq, paper) description of the issue? It does feel self-marketing yes, but it's entirely deserved if they found the issue?

I'm sure keen folk can digest SCM pull requests, but that population is a super minority I think to well presented content disseminated on youtube, sites, blogs, etc.

I don't think CVE being mandated as the only place vulnerability/conversations are had would be optimal, no?


> schmorgus board

I know HN frowns on grammar-policing comments, and rightly so; but I thought nonetheless you might like to know (and it looks so much more formal this way anyway!) that it's "smörgåsbord" (or the diacritics are commonly omitted in English).


Pronounced [ˈsmœ̂rɡɔsˌbuːɖ]


Yeah, that's not how Apple's CVEs work.


Bahahaha no, the vast majority of CVEs are at best a vague description, a severity score, and no context.



