Skip to content


Subscribe to all “advisorydatabase” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Open source maintainers can now opt-in to private vulnerability reporting, a dedicated communications channel where the community can disclose security issues directly to you on GitHub.

You can see reports sent to you under the new "Needs triage" status on your advisories list:
Screen Shot of Advisories tab

If the report is accepted, it becomes a draft security advisory. The reporter remains involved unless explicitly removed, so you can collaborate on phrasing the resulting draft advisory or fixing the issue in a private fork.

See more