List repository security advisories
Lists security advisories in a repository.
You must authenticate using an access token with the repo scope or the repository_advisories:read permission in order to get published security advisories in a private repository, or any unpublished security advisories that you have access to.
You can access unpublished security advisories from a repository if you are a security manager or administrator of that repository, or if you are a collaborator on any security advisory.
Input
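---
# Request schema for "List repository security advisories".
# The page had lost all indentation, which makes the document invalid YAML
# (every key ended up at the top level, repeating `type` and `properties`);
# this is the same content re-nested. Only `owner` and `repo` are required.
type: object
properties:
  parameters:
    type: object
    properties:
      owner:
        type: string
        description: The account owner of the repository. The name is not case sensitive.
      repo:
        type: string
        description: The name of the repository. The name is not case sensitive.
      direction:
        type: string
        enum:
          - asc
          - desc
        default: desc
        description: The direction to sort the results by.
      sort:
        type: string
        enum:
          - created
          - updated
          - published
        default: created
        description: The property to sort the results by.
      # Cursor pagination: `before` and `after` are values copied from the
      # Link header of a previous response (see their descriptions).
      before:
        type: string
        description: >-
          A cursor, as given in the [Link
          header](https://docs.github.com/rest/guides/using-pagination-in-the-rest-api#using-link-headers).
          If specified, the query only searches for results before this cursor.
      after:
        type: string
        description: >-
          A cursor, as given in the [Link
          header](https://docs.github.com/rest/guides/using-pagination-in-the-rest-api#using-link-headers).
          If specified, the query only searches for results after this cursor.
      per_page:
        type: integer
        minimum: 1
        maximum: 100
        default: 30
        description: Number of advisories to return per page.
      # The endpoint description states that unpublished advisories are only
      # returned to callers with access to them (security managers,
      # administrators, advisory collaborators); filtering on a non-published
      # state therefore yields results only for such callers.
      state:
        type: string
        enum:
          - triage
          - draft
          - published
          - closed
        description: >-
          Filter by state of the repository advisories. Only advisories of this
          state will be returned.
    required:
      - owner
      - repo
    title: Parameters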
Output
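---
# Response schema for "List repository security advisories": an array of
# repository advisory objects. The page had lost all indentation; this is the
# same content re-nested. `readOnly` (OpenAPI) marks fields that are returned
# by the API but never accepted in requests; `nullable` fields may be null.
type: array
items:
  type: object
  properties:
    ghsa_id:
      type: string
      description: The GitHub Security Advisory ID.
      readOnly: true
    cve_id:
      type: string
      description: The Common Vulnerabilities and Exposures (CVE) ID.
      nullable: true
    url:
      type: string
      description: The API URL for the advisory.
    html_url:
      type: string
      format: uri
      description: The URL for the advisory.
      readOnly: true
    # `summary` and `description` are free text (bounded only by maxLength);
    # consumers that render them should treat them as untrusted input.
    summary:
      type: string
      description: A short summary of the advisory.
      maxLength: 1024
    description:
      type: string
      description: A detailed description of what the advisory entails.
      maxLength: 65535
      nullable: true
    severity:
      type: string
      description: The severity of the advisory.
      nullable: true
      enum:
        - critical
        - high
        - medium
        - low
    # `author`, `publisher` and `credits_detailed[].user` all use the
    # "Simple User" shape, spelled out in full at each occurrence.
    author:
      type: object
      title: Simple User
      properties:
        name:
          nullable: true
          type: string
        email:
          nullable: true
          type: string
        login:
          type: string
          example: octocat
        id:
          type: integer
          example: 1
        node_id:
          type: string
          example: MDQ6VXNlcjE=
        avatar_url:
          type: string
          format: uri
          example: https://github.com/images/error/octocat_happy.gif
        gravatar_id:
          type: string
          example: 41d064eb2195891e12d0413f63227ea7
          nullable: true
        url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat
        html_url:
          type: string
          format: uri
          example: https://github.com/octocat
        followers_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/followers
        following_url:
          type: string
          example: https://api.github.com/users/octocat/following{/other_user}
        gists_url:
          type: string
          example: https://api.github.com/users/octocat/gists{/gist_id}
        starred_url:
          type: string
          example: https://api.github.com/users/octocat/starred{/owner}{/repo}
        subscriptions_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/subscriptions
        organizations_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/orgs
        repos_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/repos
        events_url:
          type: string
          example: https://api.github.com/users/octocat/events{/privacy}
        received_events_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/received_events
        type:
          type: string
          example: User
        site_admin:
          type: boolean
        starred_at:
          type: string
          example: '"2020-07-09T00:17:55Z"'
    publisher:
      type: object
      title: Simple User
      properties:
        name:
          nullable: true
          type: string
        email:
          nullable: true
          type: string
        login:
          type: string
          example: octocat
        id:
          type: integer
          example: 1
        node_id:
          type: string
          example: MDQ6VXNlcjE=
        avatar_url:
          type: string
          format: uri
          example: https://github.com/images/error/octocat_happy.gif
        gravatar_id:
          type: string
          example: 41d064eb2195891e12d0413f63227ea7
          nullable: true
        url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat
        html_url:
          type: string
          format: uri
          example: https://github.com/octocat
        followers_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/followers
        following_url:
          type: string
          example: https://api.github.com/users/octocat/following{/other_user}
        gists_url:
          type: string
          example: https://api.github.com/users/octocat/gists{/gist_id}
        starred_url:
          type: string
          example: https://api.github.com/users/octocat/starred{/owner}{/repo}
        subscriptions_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/subscriptions
        organizations_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/orgs
        repos_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/repos
        events_url:
          type: string
          example: https://api.github.com/users/octocat/events{/privacy}
        received_events_url:
          type: string
          format: uri
          example: https://api.github.com/users/octocat/received_events
        type:
          type: string
          example: User
        site_admin:
          type: boolean
        starred_at:
          type: string
          example: '"2020-07-09T00:17:55Z"'
    # Identifiers are assigned by GitHub (readOnly); each carries its scheme
    # (CVE or GHSA) alongside the value.
    identifiers:
      type: array
      readOnly: true
      items:
        type: object
        properties:
          type:
            type: string
            description: The type of identifier.
            enum:
              - CVE
              - GHSA
          value:
            type: string
            description: The identifier value.
    state:
      type: string
      description: The state of the advisory.
      enum:
        - published
        - closed
        - withdrawn
        - draft
        - triage
    # Lifecycle timestamps; each is null until the corresponding transition
    # has happened.
    created_at:
      type: string
      format: date-time
      description: The date and time of when the advisory was created, in ISO 8601 format.
      readOnly: true
      nullable: true
    updated_at:
      type: string
      format: date-time
      description: >-
        The date and time of when the advisory was last updated, in ISO 8601
        format.
      readOnly: true
      nullable: true
    published_at:
      type: string
      format: date-time
      description: >-
        The date and time of when the advisory was published, in ISO 8601
        format.
      readOnly: true
      nullable: true
    closed_at:
      type: string
      format: date-time
      description: The date and time of when the advisory was closed, in ISO 8601 format.
      readOnly: true
      nullable: true
    withdrawn_at:
      type: string
      format: date-time
      description: >-
        The date and time of when the advisory was withdrawn, in ISO 8601
        format.
      readOnly: true
      nullable: true
    submission:
      type: object
      properties:
        accepted:
          type: boolean
          description: >-
            Whether a private vulnerability report was accepted by the
            repository's administrators.
          readOnly: true
    # One entry per affected package: the ecosystem/name pair, the affected
    # version range, the fixing version(s) and optionally the affected functions.
    vulnerabilities:
      type: array
      nullable: true
      items:
        type: object
        properties:
          package:
            type: object
            properties:
              ecosystem:
                type: string
                description: The package's language or package management ecosystem.
                enum:
                  - rubygems
                  - npm
                  - pip
                  - maven
                  - nuget
                  - composer
                  - go
                  - rust
                  - erlang
                  - actions
                  - pub
                  - other
              name:
                type: string
                description: The unique package name within its ecosystem.
                nullable: true
          vulnerable_version_range:
            type: string
            description: The range of the package versions affected by the vulnerability.
            nullable: true
          patched_versions:
            type: string
            description: The package version(s) that resolve the vulnerability.
            nullable: true
          vulnerable_functions:
            type: array
            description: The functions in the package that are affected.
            nullable: true
            items:
              type: string
    # CVSS vector and its 0-10 score; both may be null when no score is set.
    cvss:
      type: object
      properties:
        vector_string:
          type: string
          description: The CVSS vector.
          nullable: true
        score:
          type: number
          description: The CVSS score.
          minimum: 0
          maximum: 10
          nullable: true
          readOnly: true
    # `cwes` carries id and name pairs; `cwe_ids` is the id-only list.
    cwes:
      type: array
      nullable: true
      readOnly: true
      items:
        type: object
        properties:
          cwe_id:
            type: string
            description: The Common Weakness Enumeration (CWE) identifier.
          name:
            type: string
            description: The name of the CWE.
            readOnly: true
    cwe_ids:
      type: array
      description: A list of only the CWE IDs.
      nullable: true
      items:
        type: string
    # `credits` lists login and credit type only; `credits_detailed` adds the
    # full user object and whether the user accepted the credit.
    credits:
      type: array
      nullable: true
      items:
        type: object
        properties:
          login:
            type: string
            description: The username of the user credited.
          type:
            type: string
            description: The type of credit the user is receiving.
            enum:
              - analyst
              - finder
              - reporter
              - coordinator
              - remediation_developer
              - remediation_reviewer
              - remediation_verifier
              - tool
              - sponsor
              - other
    credits_detailed:
      type: array
      nullable: true
      readOnly: true
      items:
        type: object
        properties:
          user:
            type: object
            title: Simple User
            properties:
              name:
                nullable: true
                type: string
              email:
                nullable: true
                type: string
              login:
                type: string
                example: octocat
              id:
                type: integer
                example: 1
              node_id:
                type: string
                example: MDQ6VXNlcjE=
              avatar_url:
                type: string
                format: uri
                example: https://github.com/images/error/octocat_happy.gif
              gravatar_id:
                type: string
                example: 41d064eb2195891e12d0413f63227ea7
                nullable: true
              url:
                type: string
                format: uri
                example: https://api.github.com/users/octocat
              html_url:
                type: string
                format: uri
                example: https://github.com/octocat
              followers_url:
                type: string
                format: uri
                example: https://api.github.com/users/octocat/followers
              following_url:
                type: string
                example: https://api.github.com/users/octocat/following{/other_user}
              gists_url:
                type: string
                example: https://api.github.com/users/octocat/gists{/gist_id}
              starred_url:
                type: string
                example: https://api.github.com/users/octocat/starred{/owner}{/repo}
              subscriptions_url:
                type: string
                format: uri
                example: https://api.github.com/users/octocat/subscriptions
              organizations_url:
                type: string
                format: uri
                example: https://api.github.com/users/octocat/orgs
              repos_url:
                type: string
                format: uri
                example: https://api.github.com/users/octocat/repos
              events_url:
                type: string
                example: https://api.github.com/users/octocat/events{/privacy}
              received_events_url:
                type: string
                format: uri
                example: https://api.github.com/users/octocat/received_events
              type:
                type: string
                example: User
              site_admin:
                type: boolean
              starred_at:
                type: string
                example: '"2020-07-09T00:17:55Z"'
          type:
            type: string
            description: The type of credit the user is receiving.
            enum:
              - analyst
              - finder
              - reporter
              - coordinator
              - remediation_developer
              - remediation_reviewer
              - remediation_verifier
              - tool
              - sponsor
              - other
          state:
            type: string
            description: The state of the user's acceptance of the credit.
            enum:
              - accepted
              - declined
              - pending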