The actions you can take in a repository security advisory depend on whether you have admin or write permissions to the security advisory.
This article applies only to repository-level security advisories. Anyone can contribute to global security advisories in the GitHub Advisory Database at github.com/advisories . Edits to global advisories will not change or affect how the advisory appears on the repository. For more information, see " Editing security advisories in the GitHub Advisory Database ."
Anyone with admin permissions to a public repository can create a security advisory.
Anyone with admin permissions to a public repository also has admin permissions to all security advisories in that repository. People with admin permissions to a security advisory can add collaborators, and collaborators have write permissions to the security advisory. For more information about adding a collaborator to a security advisory, see " Adding a collaborator to a repository security advisory ."