Security Advisories and GitHub Advisory Database now include Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS) information for advisories.

When you create a Security Advisory to disclose a vulnerability in your repository, in addition to severity, you can now include the CWE and the CVSS score of the vulnerability.
Security Advisories published by maintainers, as well as other curated vulnerabilities in GitHub's Advisory Database, now appear with CWE and CVSS information.
CWEs provide a consistent way of referring to software weaknesses, and CVSS scores provide more detail on why a vulnerability is a given severity.

To see CWE and CVSS information for an advisory, click on the advisory in the Advisory Database.

Learn more about creating a security advisory