Skip to main content

此版本的 GitHub Enterprise Server 已于以下日期停止服务 2024-03-26. 即使针对重大安全问题,也不会发布补丁。 为了获得更好的性能、更高的安全性和新功能,请升级到最新版本的 GitHub Enterprise。 如需升级帮助,请联系 GitHub Enterprise 支持

关于全局安全公告

全局安全公告位于 GitHub Advisory Database,它是影响开源环境的 CVE 和 GitHub 发起的公告集合。 你可以为改进全局安全公告做出贡献。

About global security advisories

Global security advisories are grouped into these categories: GitHub-reviewed advisories, and unreviewed advisories.

  • GitHub-reviewed advisories are security vulnerabilities that have been mapped to packages in ecosystems we support. We carefully review each advisory for validity and ensure that they have a full description, and contain both ecosystem and package information.
  • Unreviewed advisories are security vulnerabilities that we publish automatically into the GitHub Advisory Database, directly from the National Vulnerability Database feed.

Note: Dependabot doesn't generate Dependabot alerts for unreviewed advisories.

For more information about the GitHub Advisory Database, see "About the GitHub Advisory database."

Security advisories in the GitHub Advisory Database at github.com/advisories are considered global advisories. Anyone can suggest improvements on any global security advisory in the GitHub Advisory Database. You can edit or add any detail, including additionally affected ecosystems, severity level or description of who is impacted. The GitHub Security Lab curation team will review the submitted improvements and publish them onto the GitHub Advisory Database if accepted.

Every repository advisory is reviewed by the GitHub Security Lab curation team for consideration as a global advisory. We publish security advisories for any of the ecosystems supported by the dependency graph to the GitHub Advisory Database on github.com/advisories.

You can access any advisory in the GitHub Advisory Database. For more information, see "Browsing security advisories in the GitHub Advisory Database."

You can suggest improvements to any advisory in the GitHub Advisory Database. For more information, see "Editing security advisories in the GitHub Advisory Database."