Managing security vulnerabilities in your project

You can discover, discuss, fix, and disclose security vulnerabilities in your repositories.

Adding a security policy to your repository

You can give instructions for how to responsibly report a security vulnerability in your project by adding a security policy to your repository.

About maintainer security advisories

You can use maintainer security advisories to privately discuss, fix, and publish information about security vulnerabilities in your repository.

Permission levels for maintainer security advisories

The actions you can take in a maintainer security advisory depend on whether you have admin or write permissions to the advisory.

Creating a maintainer security advisory

You can create a draft advisory to privately discuss and fix a security vulnerability in your open source project.

Adding a collaborator to a maintainer security advisory

You can add other users or teams to collaborate on a security advisory with you.

Collaborating in a temporary private fork to resolve a security vulnerability

You can create a temporary private fork to privately collaborate on fixing a security vulnerability in your repository.

Publishing a maintainer security advisory

You can publish a maintainer security advisory to alert your community about a security vulnerability in your project.
