A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.| The GitHub Blog
You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.| GitHub Docs
You can use repository security advisories to privately discuss, fix, and publish information about security vulnerabilities in your public repository.| GitHub Docs