Update:

GitHub got back to me and decided to lower the vulnerability rating in response to my feedback. Furthermore, they advised me to enable Private Vulnerability Reporting feature so that I could get a chance at tackling the reports before they hit all package users next time. Great response!

SNYK still didn't get back to me, though, and I have no idea if another feedback channel exists.