People with admin permissions to a security advisory can add collaborators to the security advisory.
Note: This article applies to editing repository-level advisories as a repository owner.
Users who are not repository owners can contribute to global security advisories in the GitHub Advisory Database at github.com/advisories. Edits to global advisories will not change or affect how the advisory appears on the repository. For more information, see "Editing security advisories in the GitHub Advisory Database."
Collaborators have write permissions to the security advisory. For more information, see "Permission levels for repository security advisories."
If you remove a user from a repository or organization, and the user is also a collaborator on a security advisory, GitHub will automatically remove the user as a collaborator for the security advisory. This prevents any unauthorized access from ex-collaborators. For more information about removing a collaborator on a security advisory, see "Removing a collaborator from a repository security advisory."
- On GitHub.com, navigate to the main page of the repository.
- Under the repository name, click Security. If you cannot see the "Security" tab, select the dropdown menu, and then click Security.
- In the left sidebar, under "Reporting", click Advisories.
- In the "Security Advisories" list, click the security advisory you'd like to add a collaborator to.
- On the right side of the page, under "Collaborators", type the name of the user or team you'd like to add to the security advisory.
- Click to add the selected user or team as a collaborator.