Identifying vulnerabilities in your project's dependencies with Dependabot alerts

Dependabot generates Dependabot alerts when known vulnerabilites are detected in dependencies that your project uses.

Browsing security vulnerabilities in the GitHub Advisory Database

The GitHub Advisory Database allows you to browse or search for vulnerabilities that affect open source projects on GitHub.

Editing security advisories in the GitHub Advisory Database

You can submit improvements to any advisory published in the GitHub Advisory Database.

About Dependabot alerts

GitHub sends Dependabot alerts when we detect vulnerabilities affecting your repository.

Configuring Dependabot alerts

Enable Dependabot alerts to be notified when a new vulnerability is found in one of your dependencies.

Viewing and updating Dependabot alerts

If GitHub discovers vulnerable dependencies in your project, you can view them on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the vulnerability.

Configuring notifications for Dependabot alerts

Optimize how you receive notifications about Dependabot alerts.