CWE and CVSS in Security Advisories

Security Advisories and GitHub Advisory Database now include Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS) information for advisories.

When you create a Security Advisory to disclose a vulnerability in your repository, in addition to severity, you can now include the CWE and the CVSS score of the vulnerability.
Security Advisories published by maintainers, as well as other curated vulnerabilities in GitHub's Advisory Database, now appear with CWE and CVSS information.
CWEs provide a consistent way of referring to software weaknesses, and CVSS scores provide more detail on why a vulnerability is a given severity.

To see CWE and CVSS information for an advisory, click on the advisory in the Advisory Database.

Learn more about creating a security advisory

JUN.9Release
Dependabot version updates now support the Deno ecosystem
- Supply Chain Security
JUN.9Retired
Upcoming breaking changes for npm v12
- Supply Chain Security
MAY.26Release
Dependabot version updates now support the sbt ecosystem
- Supply Chain Security
MAY.22Release
Staged publishing and new install-time controls for npm
- Supply Chain Security
MAY.19Retired
Upcoming deprecation of Python 3.9 for Dependabot
- Supply Chain Security
MAY.12Retired
Synchronous SBOM API deprecated
- Supply Chain Security
MAY.11Improvement
Cross-org Dependabot access for internal repositories
- Supply Chain Security
MAY.6Release
Search and filter bar for repository security advisories
- Supply Chain Security
MAY.5Release
Dependency scanning with GitHub MCP Server is in public preview
- Supply Chain Security

CWE and CVSS in Security Advisories

Related Posts

Subscribe to our developer newsletter