Skip to main content

This version of GitHub Enterprise was discontinued on 2023-03-15. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

About global security advisories

Global security advisories live in the GitHub Advisory Database, a collection of CVEs and GitHub-originated advisories affecting the open source world. You can contribute to improving global security advisories.

About global security advisories

Global security advisories are grouped into two categories: GitHub-reviewed advisories and unreviewed advisories.

  • GitHub-reviewed advisories are security vulnerabilities that have been mapped to packages in ecosystems we support.
  • Unreviewed advisories are security vulnerabilites that we publish automatically into the GitHub Advisory Database, directly from the National Vulnerability Database feed.

For more information about the GitHub Advisory Database, see "About the GitHub Advisory database."

Security advisories in the GitHub Advisory Database at github.com/advisories are considered global advisories. Anyone can suggest improvements on any global security advisory in the GitHub Advisory Database. You can edit or add any detail, including additionally affected ecosystems, severity level or description of who is impacted. The GitHub Security Lab curation team will review the submitted improvements and publish them onto the GitHub Advisory Database if accepted.

Every repository advisory is reviewed by the GitHub Security Lab curation team for consideration as a global advisory. We publish security advisories for any of the ecosystems supported by the dependency graph to the GitHub Advisory Database on github.com/advisories.

You can access any advisory in the GitHub Advisory Database. For more information, see "Browsing security advisories in the GitHub Advisory Database."

You can suggest improvements to any advisory in the GitHub Advisory Database. For more information, see "Editing security advisories in the GitHub Advisory Database."