Article version: GitHub.com
Managing vulnerabilities in your project's dependencies
You can track your repository's dependencies and receive security alerts when GitHub detects vulnerable dependencies.
Browsing security vulnerabilities in the GitHub Advisory Database
The GitHub Advisory Database allows you to browse or search for vulnerabilities that affect open source projects on GitHub.
About security alerts for vulnerable dependencies
GitHub sends security alerts when we detect vulnerabilities affecting your repository.
Configuring automated security updates
You can use automated or manual pull requests to easily update vulnerable dependencies.
Viewing and updating vulnerable dependencies in your repository
If GitHub discovers vulnerable dependencies in your project, you can view them on the Alerts tab of your repository. Then, you can update your project to resolve the vulnerability.
Managing alerts for vulnerable dependencies in your organization
Organization owners and repository admins receive security alerts when we detect a vulnerable dependency in an organization repository. You can specify additional organization members or teams with write access to also receive security alerts for vulnerable dependencies.