You can track your repository's dependencies and receive alerts when GitHub detects vulnerable dependencies.

About security alerts for vulnerable dependencies

GitHub tracks reported vulnerabilities in certain dependencies and provides security alerts to affected repositories.

Viewing and updating vulnerable dependencies in your repository

If GitHub discovers vulnerable dependencies in your project, you can view them on the Alerts tab of your repository. Then, you can update your project to resolve the vulnerability.

Managing alerts for vulnerable dependencies in your organization's repositories

Organization owners and repository admins receive security alerts when GitHub detects a vulnerable dependency in an organization repository. You can specify additional organization members or teams to also receive security alerts for vulnerable dependencies.