Concepts for vulnerability reporting and management
Learn core concepts relating to vulnerability reporting and management on GitHub.
About the GitHub Advisory Database
The GitHub Advisory Database contains a list of known security vulnerabilities and malware, grouped in three categories: GitHub-reviewed advisories, unreviewed advisories, and malware advisories.
About repository security advisories
You can use repository security advisories to privately discuss, fix, and publish information about security vulnerabilities in your public repository.
About global security advisories
Global security advisories live in the GitHub Advisory Database, a collection of CVEs and GitHub-originated advisories affecting the open source world. You can contribute to improving global security advisories.
About coordinated disclosure of security vulnerabilities
Vulnerability disclosure is a coordinated effort between security reporters and repository maintainers.
About exposure to vulnerabilities in your code and in dependencies
Understanding your organization’s exposure to vulnerabilities in first-party code and in all dependencies is essential to efficiently assessing, prioritizing, and remediating vulnerabilities, which reduces the likelihood of security breaches.