People with admin permissions to a security advisory can edit the security advisory.
You can credit people who helped discover, report, or fix a security vulnerability. If you credit someone, they can choose to accept or decline credit.
If someone accepts credit, the person's username appears in the "Credits" section of the security advisory. Anyone with read access to the repository can see the advisory and the people who accepted credit for it.
- On GitHub, navigate to the main page of the repository.
- Under your repository name, click Security.
- In the left sidebar, click Security advisories.
- In the "Security Advisories" list, click the security advisory you'd like to edit.
- In the upper-right corner of the details for the security advisory, click .
- Type the details about the security vulnerability that the security advisory addresses.
- Type a description of the security vulnerability.
- Optionally, edit the "Credits" for the security advisory.
- Click Update security advisory.
- The people listed in the "Credits" section will receive an email or web notification inviting them to accept credit. If a person accepts, their username will be publicly visible once the security advisory is published.