How to Receive Security Advisory Notifications
While GitHub does not have a dedicated "subscribe to new advisories" button for a single repository, here are the best ways to stay informed:
Watch "All Activity": This is the most direct method within GitHub. Go to the repository, click the Watch button, and select "All Activity." You will be notified of all conversations, including new releases, issues, and published security advisories. The downside is that this can be noisy for very active repositories.
Check the Repository's Security Policy: Look for a SECURITY.md file in the repository. Maintainers often use this file to detail how they handle security issues and how they disclose vulnerabilities. They may have a dedicated mailing list or another channel for security announcements.
Monitor the GitHub Advisory Database: All published advisories are collected in the GitHub Advisory Database. You can visit this database to browse and search for advisories across all of GitHub.
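To turn the Advisory Database option into a recurring check, here is an added example (not from the original page) that queries GitHub's REST endpoint for global advisories and reports only new, non-withdrawn advisories for packages you track. The package names, GHSA IDs, sample records and function names are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request
API = "https://api.github.com/advisories"  # REST endpoint for global advisories
RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def fetch_advisories(ecosystem, package, token=None):
    """Fetch advisories affecting one package (network call; the sample run skips it)."""
    query = urllib.parse.urlencode({"ecosystem": ecosystem, "affects": package, "per_page": 100})
    req = urllib.request.Request(f"{API}?{query}", headers={"Accept": "application/vnd.github+json"})
    if token:  # optional token raises the API rate limit
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def new_alerts(advisories, watched, seen_ids, min_severity="medium"):
    """Return unseen, non-withdrawn advisories that hit a watched (ecosystem, name) pair."""
    alerts = []
    for adv in advisories:
        if adv["ghsa_id"] in seen_ids or adv.get("withdrawn_at"):
            continue
        # Unrated ("unknown") severity is reported rather than silently dropped.
        if RANK.get(adv.get("severity"), max(RANK.values())) < RANK[min_severity]:
            continue
        for vuln in adv.get("vulnerabilities") or []:
            pkg = vuln.get("package") or {}
            if (pkg.get("ecosystem"), pkg.get("name")) in watched:
                alerts.append({"ghsa_id": adv["ghsa_id"], "severity": adv.get("severity"),
                               "package": pkg["name"], "url": adv.get("html_url"),
                               "fixed_in": vuln.get("first_patched_version")})
                break  # one alert per advisory
    return alerts

def _adv(n, severity, ecosystem, name, withdrawn_at=None):
    """Build one constructed record shaped like an API response item (not real data)."""
    ghsa = f"GHSA-aaaa-aaaa-{n:04d}"
    return {"ghsa_id": ghsa, "severity": severity, "withdrawn_at": withdrawn_at,
            "html_url": f"https://github.com/advisories/{ghsa}",
            "vulnerabilities": [{"package": {"ecosystem": ecosystem, "name": name},
                                 "first_patched_version": "2.4.1"}]}

SAMPLE = [_adv(1, "high", "pip", "examplelib"), _adv(2, "low", "pip", "examplelib"),
          _adv(3, "critical", "npm", "other-package"),
          _adv(4, "critical", "pip", "examplelib", withdrawn_at="2024-01-01T00:00:00Z"),
          _adv(5, "unknown", "pip", "examplelib")]

if __name__ == "__main__":
    for alert in new_alerts(SAMPLE, {("pip", "examplelib")}, seen_ids=set()):
        print(alert["severity"], alert["ghsa_id"], alert["package"], alert["fixed_in"])
```

In real use, store the reported GHSA IDs between runs and pass them back as `seen_ids` so each advisory alerts once.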