About global security advisories
There are two types of advisories: global security advisories and repository security advisories. Global advisories live in the GitHub Advisory Database and are grouped into three categories:
GitHub-revisados** los avisos se asignan a los paquetes en ecosistemas que respaldamos. Revisamos cuidadosamente cada aviso de validez y garantizamos que contienen una descripción completa y la información del ecosistema y del paquete.
- Los avisos no revisados se publican automáticamente en el GitHub Advisory Database, directamente desde el feed de la Base de Datos de Vulnerabilidades Nacional.
- Los avisos de malware se relacionan con vulnerabilidades causadas por malware y son exclusivos del ecosistema de npm . Los publicamos automáticamente en el GitHub Advisory Database, directamente desde la información proporcionada por el equipo de seguridad de npm.
Nota:
Dependabot doesn't generate Dependabot alerts for unreviewed and malware advisories.
Every repository advisory is reviewed by the GitHub Security Lab curation team for consideration as a global advisory. We publish security advisories for any of the ecosystems supported by the dependency graph to the GitHub Advisory Database.
Anyone can suggest improvements on any global security advisory. You can edit or add any detail, including additionally affected ecosystems, severity level or description of who is impacted. The GitHub Security Lab curation team will review the submitted improvements.
Next steps
Access advisories in the GitHub Advisory Database. See Exploración de los avisos de seguridad en GitHub Advisory Database.