Github API

List repository security advisories

Lists security advisories in a repository. You must authenticate using an access token with the repo scope or repository_advisories:read permission in order to get published security advisories in a private repository, or any unpublished security advisories that you have access to.

You can access unpublished security advisories from a repository if you are a security manager or administrator of that repository, or if you are a collaborator on any security advisory.

Input

type: object
properties:
  parameters:
    type: object
    properties:
      owner:
        type: string
        description: The account owner of the repository. The name is not case sensitive.
      repo:
        type: string
        description: The name of the repository. The name is not case sensitive.
      direction:
        type: string
        enum:
          - asc
          - desc
        default: desc
        description: The direction to sort the results by.
      sort:
        type: string
        enum:
          - created
          - updated
          - published
        default: created
        description: The property to sort the results by.
      before:
        type: string
        description: >-
          A cursor, as given in the [Link header](https://docs.github.com/rest/guides/using-pagination-in-the-rest-api#using-link-headers).
          If specified, the query only searches for results before this cursor.
      after:
        type: string
        description: >-
          A cursor, as given in the [Link header](https://docs.github.com/rest/guides/using-pagination-in-the-rest-api#using-link-headers).
          If specified, the query only searches for results after this cursor.
      per_page:
        type: integer
        minimum: 1
        maximum: 100
        default: 30
        description: Number of advisories to return per page.
      state:
        type: string
        enum:
          - triage
          - draft
          - published
          - closed
        description: >-
          Filter by state of the repository advisories. Only advisories of this state will be returned.
    required:
      - owner
      - repo
    title: Parameters

Output

type: array
items:
  type: object
  properties:
    ghsa_id:
      type: string
      description: The GitHub Security Advisory ID.
      readOnly: true
    cve_id:
      type: string
      description: The Common Vulnerabilities and Exposures (CVE) ID.
      nullable: true
    url:
      type: string
      description: The API URL for the advisory.
    html_url:
      type: string
      format: uri
      description: The URL for the advisory.
      readOnly: true
    summary:
      type: string
      description: A short summary of the advisory.
      maxLength: 1024
    description:
      type: string
      description: A detailed description of what the advisory entails.
      maxLength: 65535
      nullable: true
    severity:
      type: string
      description: The severity of the advisory.
      nullable: true
      enum:
        - critical
        - high
        - medium
        - low
    author: &simple_user
      type: object
      title: Simple User
      properties:
        name:
          nullable: true
          type: string
        email:
          nullable: true
          type: string
        login:
          type: string
          example: octocat
        id:
          type: integer
          example: 1
        node_id:
          type: string
          example: MDQ6VXNlcjE=
        avatar_url:
          type: string
          format: uri
          example: https://github.com/images/error/octocat_happy.gif
        gravatar_id:
          type: string
          example: 41d064eb2195891e12d0413f63227ea7
          nullable: true
        url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat
        html_url:
          type: string
          format: uri
          example: https://github.com/octocat
        followers_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/followers
        following_url:
          type: string
          example: https://api.github.com/users/octocat/following{/other_user}
        gists_url:
          type: string
          example: https://api.github.com/users/octocat/gists{/gist_id}
        starred_url:
          type: string
          example: https://api.github.com/users/octocat/starred{/owner}{/repo}
        subscriptions_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/subscriptions
        organizations_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/orgs
        repos_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/repos
        events_url:
          type: string
          example: https://api.github.com/users/octocat/events{/privacy}
        received_events_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/received_events
        type:
          type: string
          example: User
        site_admin:
          type: boolean
        starred_at:
          type: string
          example: '"2020-07-09T00:17:55Z"'
    publisher: *simple_user
    identifiers:
      type: array
      readOnly: true
      items:
        type: object
        properties:
          type:
            type: string
            description: The type of identifier.
            enum:
              - CVE
              - GHSA
          value:
            type: string
            description: The identifier value.
    state:
      type: string
      description: The state of the advisory.
      enum:
        - published
        - closed
        - withdrawn
        - draft
        - triage
    created_at:
      type: string
      format: date-time
      description: The date and time of when the advisory was created, in ISO 8601 format.
      readOnly: true
      nullable: true
    updated_at:
      type: string
      format: date-time
      description: >-
        The date and time of when the advisory was last updated, in ISO 8601 format.
      readOnly: true
      nullable: true
    published_at:
      type: string
      format: date-time
      description: >-
        The date and time of when the advisory was published, in ISO 8601 format.
      readOnly: true
      nullable: true
    closed_at:
      type: string
      format: date-time
      description: The date and time of when the advisory was closed, in ISO 8601 format.
      readOnly: true
      nullable: true
    withdrawn_at:
      type: string
      format: date-time
      description: >-
        The date and time of when the advisory was withdrawn, in ISO 8601 format.
      readOnly: true
      nullable: true
    submission:
      type: object
      properties:
        accepted:
          type: boolean
          description: >-
            Whether a private vulnerability report was accepted by the repository's administrators.
          readOnly: true
    vulnerabilities:
      type: array
      nullable: true
      items:
        type: object
        properties:
          package:
            type: object
            properties:
              ecosystem:
                type: string
                description: The package's language or package management ecosystem.
                enum:
                  - rubygems
                  - npm
                  - pip
                  - maven
                  - nuget
                  - composer
                  - go
                  - rust
                  - erlang
                  - actions
                  - pub
                  - other
              name:
                type: string
                description: The unique package name within its ecosystem.
                nullable: true
          vulnerable_version_range:
            type: string
            description: The range of the package versions affected by the vulnerability.
            nullable: true
          patched_versions:
            type: string
            description: The package version(s) that resolve the vulnerability.
            nullable: true
          vulnerable_functions:
            type: array
            description: The functions in the package that are affected.
            nullable: true
            items:
              type: string
    cvss:
      type: object
      properties:
        vector_string:
          type: string
          description: The CVSS vector.
          nullable: true
        score:
          type: number
          description: The CVSS score.
          minimum: 0
          maximum: 10
          nullable: true
          readOnly: true
    cwes:
      type: array
      nullable: true
      readOnly: true
      items:
        type: object
        properties:
          cwe_id:
            type: string
            description: The Common Weakness Enumeration (CWE) identifier.
          name:
            type: string
            description: The name of the CWE.
            readOnly: true
    cwe_ids:
      type: array
      description: A list of only the CWE IDs.
      nullable: true
      items:
        type: string
    credits:
      type: array
      nullable: true
      items:
        type: object
        properties:
          login:
            type: string
            description: The username of the user credited.
          type:
            type: string
            description: The type of credit the user is receiving.
            enum:
              - analyst
              - finder
              - reporter
              - coordinator
              - remediation_developer
              - remediation_reviewer
              - remediation_verifier
              - tool
              - sponsor
              - other
    credits_detailed:
      type: array
      nullable: true
      readOnly: true
      items:
        type: object
        properties:
          user: *simple_user
          type:
            type: string
            description: The type of credit the user is receiving.
            enum:
              - analyst
              - finder
              - reporter
              - coordinator
              - remediation_developer
              - remediation_reviewer
              - remediation_verifier
              - tool
              - sponsor
              - other
          state:
            type: string
            description: The state of the user's acceptance of the credit.
            enum:
              - accepted
              - declined
              - pending
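The following is an added example, not code from GitHub or from this page: it walks the cursor pagination described by the before/after parameters (extracting the next `after` cursor from a Link header) and reduces a page of advisories in the Output shape above to a triage view. The Link URL layout and all sample values are constructed assumptions; no network call is made.

```python
# Added example, not the page's code: cursor paging + triage summary for this endpoint.
# Field names follow the Output schema; sample values below are constructed.
import json
import re

LINK_RE = re.compile(r'<([^>]+)>;\s*rel="([^"]+)"')

def parse_link_header(link):
    """Map rel name -> URL from a GitHub-style Link header (None/empty -> {})."""
    return {rel: url for url, rel in LINK_RE.findall(link or "")}

def next_after_cursor(link):
    """Cursor for the `after` parameter on the next request, or None on the last page.
    Assumes the rel="next" URL carries the cursor as an `after=` query parameter."""
    nxt = parse_link_header(link).get("next")
    if not nxt:
        return None
    m = re.search(r"[?&]after=([^&]+)", nxt)
    return m.group(1) if m else None

def summarize(advisories):
    """Per-advisory triage row: identifiers, state, severity, CVSS, packages with no fix yet."""
    out = []
    for adv in advisories:
        vulns = adv.get("vulnerabilities") or []  # schema allows null
        unpatched = [v["package"]["name"] for v in vulns if not v.get("patched_versions")]
        out.append({
            "ghsa_id": adv["ghsa_id"],
            "cve_id": adv.get("cve_id"),
            "state": adv["state"],
            "severity": adv.get("severity"),
            "score": (adv.get("cvss") or {}).get("score"),  # cvss may be null
            "unpatched_packages": unpatched,
        })
    return out

# Constructed sample: one page as the endpoint might return it (IDs are placeholders).
SAMPLE_LINK = '<https://api.github.com/repos/o/r/security-advisories?after=CURSOR_B&per_page=2>; rel="next"'
SAMPLE_PAGE = json.loads("""[
 {"ghsa_id": "GHSA-xxxx-xxxx-xxxx", "cve_id": null, "state": "draft", "severity": "high",
  "cvss": {"vector_string": null, "score": 7.5},
  "vulnerabilities": [{"package": {"ecosystem": "npm", "name": "left-pad"},
   "vulnerable_version_range": "< 1.3.0", "patched_versions": null, "vulnerable_functions": null}]},
 {"ghsa_id": "GHSA-yyyy-yyyy-yyyy", "cve_id": "CVE-0000-00000", "state": "published",
  "severity": "low", "cvss": null, "vulnerabilities": null}
]""")

if __name__ == "__main__":
    print("next after cursor:", next_after_cursor(SAMPLE_LINK))
    print(json.dumps(summarize(SAMPLE_PAGE), indent=1))
```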