Removing a collaborator from a repository security advisory

When you remove a collaborator from a repository security advisory, they lose read and write access to the security advisory's discussion and metadata.

In this article

People with admin permissions to a security advisory can remove collaborators from the security advisory.

Note: This article applies to editing repository-level advisories as an owner of a public repository.

Users who are not repository owners can contribute to global security advisories in the GitHub Advisory Database at github.com/advisories. Edits to global advisories will not change or affect how the advisory appears on the repository. For more information, see "Editing security advisories in the GitHub Advisory Database."

Removing a collaborator from a security advisory

If you remove a user from a repository or organization, and the user is also a collaborator on a security advisory, GitHub will automatically remove the user as a collaborator for the security advisory. This prevents any unauthorized access from ex-collaborators.

  1. On GitHub, navigate to the main page of the repository.

  2. Under the repository name, click Security. If you cannot see the "Security" tab, select the dropdown menu, and then click Security.

    Screenshot of a repository header showing the tabs. The "Security" tab is highlighted by a dark orange outline.

  3. In the left sidebar, under "Reporting", click Advisories.

  4. In the "Security Advisories" list, click the name of the security advisory you'd like to remove a collaborator from.

  5. On the right side of the page, under "Collaborators", find the name of the user or team you'd like to remove from the security advisory.

  6. Next to the collaborator you want to remove, click Remove.

    Screenshot of the "Collaborators" area in the right sidebar of a draft security advisory. The "Remove username" button is outlined in dark orange.

Further reading