Concepts for vulnerability reporting and management
Learn core concepts relating to vulnerability reporting and management on GitHub.
About the GitHub Advisory Database
The GitHub Advisory Database contains a list of known security vulnerabilities and malware, grouped in three categories: GitHub-reviewed advisories, unreviewed advisories, and malware advisories.
About global security advisories
Global security advisories are CVEs and GitHub-originated advisories affecting the open source world, located in the GitHub Advisory Database.
About exposure to vulnerabilities in your code and in dependencies
Understanding your organization’s exposure to vulnerabilities in first-party code and in all dependencies is essential to assessing, prioritizing, and remediating vulnerabilities efficiently, which reduces the likelihood of security breaches.