How-tos for fixing vulnerabilities

Repository maintainers can manage security vulnerabilities that have been privately reported to them by security researchers for repositories where private vulnerability reporting is enabled.

You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.

You can publish a security advisory to alert your community about a security vulnerability in your project.

You can add other users or teams to collaborate on a security advisory with you.

When you remove a collaborator from a repository security advisory, they lose read and write access to the security advisory's discussion and metadata.

You can edit the metadata and description for a repository security advisory if you need to update details or correct errors.

You can delete a repository security advisory that you've published by contacting Support.

You can browse the GitHub Advisory Database to find CVEs and GitHub-originated advisories affecting the open source world.

You can submit improvements to any advisory published in the GitHub Advisory Database by making a community contribution.