How long time in average does it take to provide security fixes for AL AppStream packages?
For example, PHP developers announce the release of php-8.0.30 on
03 Aug 2023 as a security fix. Almalinux provided the fix on 19-Oct-2023. I find that a bit long time to provide a security fix classified by Red Hat as a score of 8.6
The page that you did link to does show that Red Hat too did release a fix for RHEL in 19-Oct-2023. AlmaLinux was no slower nor faster than Red Hat.
Perhaps you should ask from Red Hat why it took them that long (despite how they did classify the issue)?