There's a process called vulnerability coordination, where you would work together with the vendors themselves to coordinate that vulnerability, to disclose it to other organizations using the same vulnerability.
On February 4th, 2019. See this statement in context.