Creating a security advisory

You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.

Anyone with admin permissions to a repository can create a security advisory.

Note: If you are a security researcher, you should contact the maintainers directly and ask them to create security advisories or issue CVEs on your behalf for repositories you do not administer.

Creating a security advisory

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Security.
  3. In the left sidebar, click Security advisories.
  4. Click New draft security advisory.
  5. Type a title for your security advisory.
  6. Type the details of the security vulnerability that the security advisory addresses.
  7. Select the severity of the security vulnerability. To assign a CVSS score, select "Assess severity using CVSS" and click the appropriate values in the calculator. GitHub calculates the score according to the "Common Vulnerability Scoring System Calculator."
  8. Add Common Weakness Enumeration (CWE) identifiers for the kinds of security weaknesses that this security advisory addresses. For a full list of CWEs, see the "Common Weakness Enumeration" from MITRE.
  9. If you have an existing CVE identifier, select "I have an existing CVE identifier" and type the CVE identifier in the text box. Otherwise, you can request a CVE from GitHub later. For more information, see "About GitHub Security Advisories."
  10. Type a description of the security vulnerability.
  11. Click Create draft security advisory.
