People with admin permissions to a security advisory can add collaborators to the security advisory.
Note: This article applies to editing repository-level advisories as an owner of a public repository.
Users who are not repository owners can contribute to global security advisories in the GitHub Advisory Database at github.com/advisories. Edits to global advisories will not change or affect how the advisory appears on the repository. For more information, see "Editing security advisories in the GitHub Advisory Database."
Adding a collaborator to a security advisory
Collaborators have write permissions to the security advisory. For more information, see "Permission levels for repository security advisories."
If you remove a user from a repository or organization, and the user is also a collaborator on a security advisory, GitHub will automatically remove the user as a collaborator for the security advisory. This prevents any unauthorized access from ex-collaborators. For more information about removing a collaborator on a security advisory, see "Removing a collaborator from a repository security advisory."
- On GitHub, navigate to the main page of the repository.
- Under the repository name, click Security. If you cannot see the "Security" tab, select the dropdown menu, and then click Security.
- In the left sidebar, under "Reporting", click Advisories.
- In the "Security Advisories" list, click the security advisory you'd like to add a collaborator to.
- On the right side of the page, under "Collaborators", type the name of the user or team you'd like to add to the security advisory.
- Click to add the selected user or team as a collaborator.