Permission levels for repository security advisories

This article applies only to repository-level security advisories. Anyone can contribute to global security advisories in the GitHub Advisory Database at github.com/advisories . Edits to global advisories will not change or affect how the advisory appears on the repository. For more information, see " Editing security advisories in the GitHub Advisory Database ."

Permissions overview

Anyone with admin permissions to a public repository can create a security advisory.

Anyone with admin permissions to a public repository also has admin permissions to all security advisories in that repository. People with admin permissions to a security advisory can add collaborators, and collaborators have write permissions to the security advisory. For more information about adding a collaborator to a security advisory, see " Adding a collaborator to a repository security advisory ."

Action	Write permissions	Admin permissions
See a draft security advisory
Add collaborators to the security advisory (see " Adding a collaborator to a repository security advisory ")
Edit and delete any comments in the security advisory
Create a temporary private fork in the security advisory (see " Collaborating in a temporary private fork to resolve a repository security vulnerability ")
Add changes to a temporary private fork in the security advisory (see " Collaborating in a temporary private fork to resolve a repository security vulnerability ")
Create pull requests in a temporary private fork (see " Collaborating in a temporary private fork to resolve a repository security vulnerability ")
Merge changes in the security advisory (see " Collaborating in a temporary private fork to resolve a repository security vulnerability ")
Add and edit metadata in the security advisory (see " Publishing a repository security advisory ")
Add and remove credits for a security advisory (see " Editing a repository security advisory ")
Close the draft security advisory
Publish the security advisory (see " Publishing a repository security advisory ")

Further reading

• " Adding a collaborator to a repository security advisory "
• " Collaborating in a temporary private fork to resolve a repository security vulnerability "
• " Removing a collaborator from a repository security advisory "
• " Deleting a repository security advisory "