Managing security vulnerabilities in your project

You can give instructions for how to responsibly report a security vulnerability in your project by adding a security policy to your repository.

You can use GitHub Security Advisories to privately discuss, fix, and publish information about security vulnerabilities in your repository.

The actions you can take in a security advisory depend on whether you have admin or write permissions to the security advisory.

You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.

You can add other users or teams to collaborate on a security advisory with you.

When you remove a collaborator from a security advisory, they lose read and write access to the security advisory's discussion and metadata.

You can create a temporary private fork to privately collaborate on fixing a security vulnerability in your repository.

You can publish a security advisory to alert your community about a security vulnerability in your project.

You can edit the metadata and description for a security advisory if you need to update details or correct errors.

You can withdraw a security advisory that you've published.