Skip to main content

This version of GitHub Enterprise Server was discontinued on 2024-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Editing security advisories in the GitHub Advisory Database

You can submit improvements to any advisory published in the GitHub Advisory Database by making a community contribution.

Editing advisories in the GitHub Advisory Database

The advisories in the GitHub Advisory Database are global security advisories. For more information about global security advisories, see About global security advisories.

Anyone can suggest improvements on any global security advisory in the GitHub Advisory Database by making a community contribution. A community contribution is a pull request submitted to the github/advisory-database repository that improves the content of a global security advisory. When you make a community contribution, you can edit or add any detail, including additionally affected ecosystems, severity level or description of who is impacted. The GitHub Security Lab curation team will review the submitted contributions and publish them onto the GitHub Advisory Database if accepted.

  1. Navigate to https://github.com/advisories.
  2. Select the security advisory you would like to contribute to.
  3. On the right-hand side of the page, click the Suggest improvements for this vulnerability link.
  4. In the "Improve security advisory" form, make the desired improvements. You can edit or add any detail.
  5. Under Reason for change, explain why you want to make this improvement. If you include links to supporting material this will help our reviewers.
  6. When you finish editing the advisory, click Submit improvements.
  7. Once you submit your community contribution, a pull request containing your changes will be created for review in github/advisory-database by the GitHub Security Lab curation team. If the advisory originated from a GitHub repository, we will also tag the original publisher for optional commentary. You can view the pull request and get notifications when it is updated or closed.

You can also open a pull request directly on an advisory file in the github/advisory-database repository. For more information, see the contribution guidelines.

Editing advisories from GitHub Enterprise Server

If you have GitHub Connect enabled on your instance, you will be able to see advisories by adding /advisories to the instance url.

  1. Navigate to https://HOSTNAME/advisories.
  2. Select the security advisory you would like to contribute to.
  3. On the right-hand side of the page, click the Suggest improvements for this vulnerability on GitHub. link. A new tab opens with the same security advisory on GitHub.
  4. Edit the advisory, following steps four through six in Editing advisories in the GitHub Advisory Database above.