The Wayback Machine - https://web.archive.org/web/20200705064608/https://docs.github.com/en/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies
👋 We've unified all of GitHub's product documentation in one place! Check out the content for REST API, GraphQL API, and Developers. Learn more on the GitHub blog.

Explore by product

GitHub.com
English
Article version: GitHub.com
GitHub.com Enterprise Server 2.21 Enterprise Server 2.20 Enterprise Server 2.19 Enterprise Server 2.18

Managing vulnerabilities in your project's dependencies

You can track your repository's dependencies and receive GitHub Dependabot alerts when GitHub detects vulnerable dependencies.

Were you able to find what you were looking for?

Browsing security vulnerabilities in the GitHub Advisory Database

The GitHub Advisory Database allows you to browse or search for vulnerabilities that affect open source projects on GitHub.

About alerts for vulnerable dependencies

GitHub sends GitHub Dependabot alerts when we detect vulnerabilities affecting your repository.

Configuring GitHub Dependabot security updates

You can use GitHub Dependabot security updates or manual pull requests to easily update vulnerable dependencies.

Viewing and updating vulnerable dependencies in your repository

If GitHub discovers vulnerable dependencies in your project, you can view them on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the vulnerability.

Managing alerts for vulnerable dependencies in your organization

Organization owners and repository admins receive GitHub Dependabot alerts when we detect a vulnerable dependency in an organization''s repository. You can specify additional organization members or teams with write access to also receive alerts for vulnerable dependencies.

Were you able to find what you were looking for?

Ask a human

Can't find what you're looking for?

Contact us

Product

Platform

Support

Company