Creating a security advisory
You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.
Anyone with admin permissions to a repository can create a security advisory.
Creating a security advisory
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Security.
-
In the left sidebar, click Advisories.
-
Click New draft security advisory.
-
Type a title for your security advisory.
-
Type the details about the security vulnerability that the security advisory addresses.
-
Type a description of the security vulnerability.
-
Click Create security advisory.
Next steps
- Comment on the draft security advisory to discuss the vulnerability with your team.
- Add collaborators to the security advisory. For more information, see "Adding a collaborator to a security advisory."
- Privately collaborate to fix the vulnerability in a temporary private fork. For more information, see "Collaborating in a temporary private fork to resolve a security vulnerability."
- Publish the security advisory to notify your community of the security vulnerability. For more information, see "Publishing a security advisory."