People with admin permissions to a security advisory can remove collaborators from the security advisory.
Note: This article applies to editing repository-level advisories as a repository owner.
Users who are not repository owners can contribute to global security advisories in the GitHub Advisory Database at github.com/advisories. Edits to global advisories will not change or affect how the advisory appears on the repository. For more information, see "Editing security advisories in the GitHub Advisory Database."
Removing a collaborator from a security advisory
If you remove a user from a repository or organization and the user is also a collaborator on a security advisory, the user will still have access to the security advisory.
On GitHub.com, navigate to the main page of the repository.
Under the repository name, click Security. If you cannot see the "Security" tab, select the dropdown menu, and then click Security.
In the left sidebar, under "Reporting", click Advisories.
In the "Security Advisories" list, click the name of the security advisory you'd like to remove a collaborator from.
On the right side of the page, under "Collaborators", find the name of the user or team you'd like to remove from the security advisory.
Next to the collaborator you want to remove, click Remove.