Permission levels for repository security advisories

Permissions overview

Repository owners, organization owners, security managers, and users with the admin role can:

Collaborators have write permissions to the security advisory.

Action	Write permissions	Admin permissions
See a draft security advisory
Add collaborators to the security advisory (see Adding a collaborator to a repository security advisory)
Edit and delete any comments in the security advisory
Create a temporary private fork in the security advisory (see Collaborating in a temporary private fork to resolve a repository security vulnerability)
Add changes to a temporary private fork in the security advisory (see Collaborating in a temporary private fork to resolve a repository security vulnerability)
Create pull requests in a temporary private fork (see Collaborating in a temporary private fork to resolve a repository security vulnerability)
Merge changes in the security advisory (see Collaborating in a temporary private fork to resolve a repository security vulnerability)
Add and edit metadata in the security advisory (see Publishing a repository security advisory)
Add and remove credits for a security advisory (see Editing a repository security advisory)
Close the draft security advisory
Publish the security advisory (see Publishing a repository security advisory)

Unlike repository security advisories, anyone can contribute to global security advisories in the GitHub Advisory Database at github.com/advisories. Edits to global advisories will not change or affect how the advisory appears on the repository. See Editing security advisories in the GitHub Advisory Database.