Creating a security advisory

You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.

Anyone with admin permissions to a repository can create a security advisory.

Note: If you are a security researcher, you should directly contact maintainers to ask them to create security advisories or issue CVEs on your behalf in repositories that you don't administer.

Creating a security advisory

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Security.
  3. In the left sidebar, click Security advisories.
  4. Click New draft security advisory.
  5. Type a title for your security advisory.
  6. Type the details about the security vulnerability that the security advisory addresses.
  7. Type a description of the security vulnerability.
  8. Click Create security advisory.

Next steps
