You can browse the GitHub Advisory Database to find advisories for security risks in open source projects that are hosted on GitHub.
You can submit improvements to any advisory published in the GitHub Advisory Database.
GitHub AE sends Dependabot alerts when we detect that your repository uses a vulnerable dependency.
Enable Dependabot alerts to be generated when a new vulnerable dependency is found in one of your repositories.
If GitHub AE discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.
Optimize how you receive notifications about Dependabot alerts.