Creating a maintainer security advisory
You can create a draft advisory to privately discuss and fix a security vulnerability in your open source project.
Note: Maintainer security advisories are currently in public beta and subject to change.
Anyone with admin permissions to a repository can create a security advisory.
1. On GitHub, navigate to the main page of the repository.
2. Under your repository name, click Security.
3. In the left sidebar, click Advisories.
4. Click Open draft advisory.
5. Type a title for your security advisory.
6. Type a description of the security vulnerability.
7. Click Create draft advisory.
Next, you can:
- Comment on the draft advisory to discuss the vulnerability with your team.
- Add collaborators to the advisory. For more information, see "Adding a collaborator to a maintainer security advisory."
- Privately collaborate to fix the vulnerability in a temporary private fork. For more information, see "Collaborating in a temporary private fork to resolve a security vulnerability."