...
As far as we can tell, the answer is “no,” outside collaborators should not be able to access any internal repositories by default because they do not get permissions to the organization itself, only individual repositories. From the Github documentation for collaborators [3], this is for a few reasons, such as:
Outside collaborators cannot be added to a team, team membership is restricted to members of the organization.
...
All enterprise members have read permissions to the internal repository, but internal repositories are not visible to people outside of the enterprise, including outside collaborators on organization repositories.
...
public: no issue here because anyone and everyone will have access anywaysprivate: by default, only the repository admins owners and enterprise admins will have access to the repository (see additional note about using Github teams for permissions)
...