docs/data/reusables/security-advisory/reporting-a-vulnerability-non-admin.md
2024-06-19 10:45:40 +00:00

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}

  1. Click **Report a vulnerability** to open the advisory form.

  2. Fill in the advisory details form.

    {% tip %}

    **Tip:** In this form, only the title and description are mandatory. (In the general draft security advisory form, which the repository maintainer initiates, specifying the ecosystem is also required.) However, we recommend that security researchers provide as much information as possible on the form, so that the maintainers can make an informed decision about the submitted report. You can adopt the template used by our security researchers from the {% data variables.product.prodname_security %}, which is available in the github/securitylab repository.

    {% endtip %}

    For more information about the fields available and guidance on filling in the form, see "AUTOTITLE" and "AUTOTITLE."

  3. At the bottom of the form, click **Submit report**. {% data variables.product.prodname_dotcom %} will display a message letting you know that maintainers have been notified and that you have a pending credit for this security advisory.

    {% tip %}

    **Tip:** When the report is submitted, {% data variables.product.prodname_dotcom %} automatically adds the reporter of the vulnerability as a collaborator and as a credited user on the proposed advisory.

    {% endtip %}

  4. Optionally, click **Start a temporary private fork** if you want to start fixing the issue. Note that only the repository maintainer can merge changes from that private fork into the parent repository.

    Screenshot of the bottom of a security advisory. A button, labeled "Start a temporary fork" is outlined in dark orange.
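The same submission, as an added example that is not part of the page or of GitHub's own code: the report built as the REST request that the form sends on your behalf, with the form's rules (title and description mandatory, everything else optional, a temporary private fork on request) enforced locally before anything leaves your machine. The endpoint path, the body field names (`summary`, `description`, `vulnerabilities`, `cwe_ids`, `severity`, `cvss_vector_string`, `start_private_fork`), the ecosystem list and the `html_url` in the response are my reading of the GitHub REST API operation for privately reporting a vulnerability and should be checked against the current API reference; `octo-org/octo-repo`, the token and the sample report are constructed placeholders.

```python
"""Added example (not code from the GitHub docs page): a private vulnerability
report built as a REST API request body, with the form's rules enforced locally."""
import json
import urllib.request

# Assumption: endpoint and field names follow the GitHub REST API operation
# "Privately report a security vulnerability". Verify against the current
# API reference before relying on them.
API_BASE = "https://api.github.com"
REPORT_PATH = "/repos/{owner}/{repo}/security-advisories/reports"

# Assumed set of ecosystems the advisory form's package field accepts.
KNOWN_ECOSYSTEMS = {
    "actions", "composer", "erlang", "go", "maven", "npm", "nuget",
    "other", "pip", "pub", "rubygems", "rust", "swift",
}
SEVERITIES = {"critical", "high", "medium", "low"}


def build_private_report(summary, description, *, ecosystem=None, package=None,
                         vulnerable_version_range=None, patched_versions=None,
                         vulnerable_functions=None, cwe_ids=None, severity=None,
                         cvss_vector_string=None, start_private_fork=False):
    """Return the JSON body for a private vulnerability report.

    Mirrors the form: only the title (summary) and description are mandatory;
    the rest is optional but helps maintainers triage. Raises ValueError on
    input the form would reject, so mistakes surface before anything is sent.
    """
    if not summary or not summary.strip():
        raise ValueError("summary (title) is mandatory")
    if not description or not description.strip():
        raise ValueError("description is mandatory")
    body = {"summary": summary.strip(), "description": description.strip()}

    if ecosystem is not None or package is not None:
        # A package is only actionable with both an ecosystem and a name.
        if ecosystem not in KNOWN_ECOSYSTEMS:
            raise ValueError(f"unknown ecosystem: {ecosystem!r}")
        if not package:
            raise ValueError("package name is required with an ecosystem")
        vuln = {"package": {"ecosystem": ecosystem, "name": package}}
        if vulnerable_version_range:
            vuln["vulnerable_version_range"] = vulnerable_version_range
        if patched_versions:
            vuln["patched_versions"] = patched_versions
        if vulnerable_functions:
            vuln["vulnerable_functions"] = list(vulnerable_functions)
        body["vulnerabilities"] = [vuln]

    if cwe_ids:
        for cwe in cwe_ids:
            if not (cwe.startswith("CWE-") and cwe[4:].isdigit()):
                raise ValueError(f"malformed CWE id: {cwe!r}")
        body["cwe_ids"] = list(cwe_ids)
    if severity is not None:
        if severity not in SEVERITIES:
            raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
        body["severity"] = severity
    if cvss_vector_string:
        if not cvss_vector_string.startswith("CVSS:"):
            raise ValueError("cvss_vector_string must be a CVSS vector string")
        body["cvss_vector_string"] = cvss_vector_string
    if start_private_fork:
        # Equivalent of clicking "Start a temporary private fork" in step 4.
        body["start_private_fork"] = True
    return body


def build_request(owner, repo, token, body):
    """Return an unsent POST request for the report (no network involved)."""
    url = API_BASE + REPORT_PATH.format(owner=owner, repo=repo)
    headers = {
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
        "X-GitHub-Api-Version": "2022-11-28",
        "Content-Type": "application/json",
    }
    return urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                  headers=headers, method="POST")


def request_body(req):
    """Decode the JSON body of a request built by build_request."""
    return json.loads(req.data.decode("utf-8"))


def submit_private_report(owner, repo, token, body):
    """Send the report; returns the new advisory's URL (assumed response field).
    Needs network access and a token with permission to report on the repo."""
    with urllib.request.urlopen(build_request(owner, repo, token, body)) as resp:
        return json.load(resp)["html_url"]


if __name__ == "__main__":
    # Constructed sample input; nothing is sent.
    report = build_private_report(
        "Stored XSS in comment rendering",
        "User comments are inserted into the page without escaping.",
        ecosystem="npm", package="example-widget",
        vulnerable_version_range="< 1.4.2", patched_versions="1.4.2",
        cwe_ids=["CWE-79"], severity="high", start_private_fork=True)
    print(json.dumps(report, indent=2))
```

Only `submit_private_report` talks to the network; `build_private_report` and `build_request` are pure, so a reporter scripting submissions can inspect the exact body before it is posted and cannot accidentally file an empty or malformed report. Keep the token out of the script itself (read it from an environment variable or a credential helper) and give it the narrowest scope that can create advisory reports.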