GitHub has partnered with WhiteSource to bring their vulnerability database into GitHub’s security vulnerability alerts. This additional data increases the number of known vulnerabilities to better protect your projects from risks in vulnerable dependencies.
Maintainer security advisories
We’ve released maintainer security advisories as a public beta. Maintainer security advisories allow open source maintainers to privately discuss, fix, and publish notices about security vulnerabilities in repositories.
GitHub may additionally create security alerts to all affected downstream repositories as appropriate.