Create CVEs for 2016 (especially for highly critical issues)

There are 2 highly critical issues from 2016 that would be good to create issues for:

Coder https://www.drupal.org/node/2765575 →

RESTWS https://www.drupal.org/node/2765567 →

We could also consider creating CVEs for most all issues going back a few years if we script up more of the process.
We can request cves for each year with https://github.com/RedHatProductSecurity/cvelib cve reserve 3 --year 2021 --random
We don't have to specify the CWE and CAPEC, so all the other data is automatable. We can add CWE/CAPEC if someone adds them in this issue (or a new issue to update them after this one is done).