Company:
Date Published:
Author: Miju Han
Word count: 341
Language: English
Hacker News points: None

Summary

GitHub has extended its dependency graph feature, which initially covered JavaScript and Ruby, with security alerts for projects that declare dependencies, in both public and private repositories. The update notifies users when a vulnerability is detected in one of their dependencies and suggests fixes drawn from the GitHub community, with the aim of making code safer by leveraging GitHub's extensive open-source data. Public repositories get the dependency graph and security alerts automatically, while private repositories must opt in. Repository administrators receive the alerts by default and can configure additional recipients. Alerts are based on vulnerabilities that have CVE IDs in the National Vulnerability Database, and GitHub acknowledges that not all vulnerabilities are publicly disclosed with such IDs. The release is presented as a significant step in GitHub's ongoing security efforts, with support for Python planned for 2018.