Concepts for vulnerability reporting and management
Learn core concepts relating to vulnerability reporting and management on GitHub.
GitHub Advisory database
Research known security vulnerabilities and malware in open source packages, so you can understand and remediate the risks in your dependencies.
Innersource advisories
Enterprises can alert their internal repositories to vulnerabilities and ship automated fixes with Dependabot, using advisories that stay private to a single enterprise.
Repository security advisories
You can use repository security advisories to privately discuss, fix, and publish information about security vulnerabilities in your public repository.
Global security advisories
Global security advisories are CVEs and GitHub-originated advisories affecting the open source world, located in the GitHub Advisory Database.
Coordinated disclosure of security vulnerabilities
Vulnerability disclosure is a coordinated effort between security reporters and repository maintainers.
Exposure to vulnerabilities in your code and in dependencies
Understand how vulnerabilities in your own code and in third-party dependencies contribute to your organization's overall security exposure, and how to measure and reduce that risk.