[EDI] Editing security advisories in the GitHub Advisory Database (#59577)

sabrowning1 · Copilot · mchammer01 · web-flow · commit 3b1bff97a331 · 2026-02-12T17:57:43.000Z
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
Co-authored-by: mc &lt;42146119+mchammer01@users.noreply.github.com&gt;
diff --git a/content/code-security/concepts/vulnerability-reporting-and-management/about-the-github-advisory-database.md b/content/code-security/concepts/vulnerability-reporting-and-management/about-the-github-advisory-database.md
@@ -23,7 +23,7 @@ redirect_from:
 
 Security advisories are published as JSON files in the Open Source Vulnerability (OSV) format. For more information about the OSV format, see [Open Source Vulnerability format](https://ossf.github.io/osv-schema/).
 
-## About types of security advisories
+## Types of security advisories
 
 Each advisory in the {% data variables.product.prodname_advisory_database %} is for a vulnerability in open source projects or for malicious open source software.
 
@@ -68,11 +68,11 @@ If you enable {% data variables.product.prodname_dependabot_alerts %} for your r
 
 Our malware advisories are mostly about substitution attacks. During this type of attack, an attacker publishes a package to the public registry with the same name as a dependency that users rely on from a third party or private registry, with the hope that the malicious version is consumed. {% data variables.product.prodname_dependabot %} doesn’t look at project configurations to determine if the packages are coming from a private registry, so we aren't sure if you're using the malicious version or a non-malicious version. Users who have their dependencies appropriately scoped should not be affected by malware.
 
-## About information in security advisories
+## Information in security advisories
 
 In this section, you can find more detailed information about specific data attributes of the {% data variables.product.prodname_advisory_database %}.
 
-### About GHSA IDs
+### GHSA IDs
 
 Each security advisory, regardless of its type, has a unique identifier referred to as a GHSA ID. A `GHSA-ID` qualifier is assigned when a new advisory is created on {% data variables.product.prodname_dotcom %} or added to the {% data variables.product.prodname_advisory_database %} from any of the supported sources.
 
@@ -89,7 +89,7 @@ You can validate a GHSA ID using a regular expression.
 /GHSA(-[23456789cfghjmpqrvwx]{4}){3}/
 ```
 
-### About CVSS levels
+### CVSS levels
 
 {% ifversion cvss-4 %} The {% data variables.product.prodname_advisory_database %} supports both CVSS version 3.1 and CVSS version 4.0.{% endif %}
 
@@ -105,7 +105,7 @@ The {% data variables.product.prodname_advisory_database %} uses the CVSS levels
 
 {% data reusables.repositories.github-security-lab %}
 
-### About EPSS scores
+### EPSS scores
 
 The Exploit Prediction Scoring System, or EPSS, is a system devised by the global Forum of Incident Response and Security Teams (FIRST) for quantifying the likelihood of vulnerability exploit. The model produces a probability score between 0 and 1 (0 and 100%), where the higher the score, the greater the probability that a vulnerability will be exploited. For more information about FIRST, see https://www.first.org/.
 
@@ -124,6 +124,13 @@ FIRST also provides additional information around the distribution of their EPSS
 
 At {% data variables.product.company_short %}, we do not author this data, but rather source it from FIRST, which means that this data is not editable in community contributions. For more information about community contributions, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database).
 
+## Community contributions
+
+A **community contribution** is a pull request submitted to the [`github/advisory-database`](https://github.com/github/advisory-database) repository that improves the content of a global security advisory. When you make a community contribution, you can edit or add any detail, including additional affected ecosystems, the severity level, or the description of who is impacted. The {% data variables.product.prodname_security %} curation team will review the submitted contributions and publish them onto the {% data variables.product.prodname_advisory_database %} if accepted.
+
+{% ifversion security-advisories-credit-types %}
+If we accept and publish the community contribution, the person who submitted the community contribution pull request will automatically be assigned a credit type of "Analyst". For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory#about-credits-for-repository-security-advisories).{% endif %}
+
 ## Further reading
 
 * [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)
diff --git a/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/editing-security-advisories-in-the-github-advisory-database.md b/content/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/editing-security-advisories-in-the-github-advisory-database.md
@@ -1,6 +1,6 @@
 ---
 title: Editing security advisories in the GitHub Advisory Database
-intro: You can submit improvements to any advisory published in the {% data variables.product.prodname_advisory_database %} by making a community contribution.
+intro: Improve advisories published in the {% data variables.product.prodname_advisory_database %} by making community contributions.
 permissions: '{% data reusables.permissions.global-security-advisories-edit %}'
 redirect_from:
   - /code-security/security-advisories/editing-security-advisories-in-the-github-advisory-database
@@ -22,17 +22,11 @@ topics:
 shortTitle: Edit Advisory Database
 ---
 
-## Editing advisories in the {% data variables.product.prodname_advisory_database %}
-
-The advisories in the {% data variables.product.prodname_advisory_database %} are global security advisories. For more information about global security advisories, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-global-security-advisories).
-
-Anyone can suggest improvements on any global security advisory in the {% data variables.product.prodname_advisory_database %} by making a **community contribution**. A **community contribution** is a pull request submitted to the [github/advisory-database](https://github.com/github/advisory-database) repository that improves the content of a global security advisory. When you make a community contribution, you can edit or add any detail, including additionally affected ecosystems, severity level or description of who is impacted. The {% data variables.product.prodname_security %} curation team will review the submitted contributions and publish them onto the {% data variables.product.prodname_advisory_database %} if accepted.
+{% ifversion ghes %}
 
-{% ifversion security-advisories-credit-types %}
-If we accept and publish the community contribution, the person who submitted the community contribution pull request will automatically be assigned a credit type of "Analyst". For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory#about-credits-for-repository-security-advisories).{% endif %}
+## Editing advisories in the {% data variables.product.prodname_advisory_database %}
 
-{% ifversion fpt or ghec %}
-Only repository owners and administrators can edit repository-level security advisories. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/editing-a-repository-security-advisory).{% endif %}
+{% endif %}
 
 1. Navigate to https://github.com/advisories.
 1. Select the security advisory you would like to contribute to.
