Update a repository security advisory
Update a repository security advisory using its GitHub Security Advisory (GHSA) identifier.
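You must authenticate using an access token with the `repo` scope or the `repository_advisories:write` permission to use this endpoint.
Where the token type allows it, prefer the `repository_advisories:write` permission: the `repo` scope covers far more than security advisories, so a leaked token with that scope exposes more of the repository.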
In order to update any security advisory, you must be a security manager or administrator of that repository,
or a collaborator on the repository security advisory.
Input
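# Request schema for "Update a repository security advisory".
# `parameters` carries the identifiers of the advisory to update and `data`
# carries the advisory fields to change.
# NOTE(review): the nesting below was reconstructed from a listing whose
# indentation was lost; confirm it against the upstream API description.
type: object
properties:
  # Identifiers of the advisory; all three are required.
  parameters:
    type: object
    properties:
      owner:
        type: string
        description: The account owner of the repository. The name is not case sensitive.
      repo:
        type: string
        description: The name of the repository. The name is not case sensitive.
      ghsa_id:
        type: string
        description: The GHSA (GitHub Security Advisory) identifier of the advisory.
    required:
      - owner
      - repo
      - ghsa_id
    title: Parameters
  # Advisory fields to change. No `required` list is shown for this object,
  # so every field below is optional as far as this schema states.
  data:
    type: object
    properties:
      summary:
        type: string
        description: A short summary of the advisory.
        maxLength: 1024
      description:
        type: string
        description: A detailed description of what the advisory impacts.
        maxLength: 65535
      cve_id:
        type: string
        description: The Common Vulnerabilities and Exposures (CVE) ID.
        nullable: true
      vulnerabilities:
        type: array
        description: >-
          A product affected by the vulnerability detailed in a repository
          security advisory.
        items:
          type: object
          properties:
            package:
              type: object
              properties:
                ecosystem:
                  type: string
                  description: The package's language or package management ecosystem.
                  enum:
                    - rubygems
                    - npm
                    - pip
                    - maven
                    - nuget
                    - composer
                    - go
                    - rust
                    - erlang
                    - actions
                    - pub
                    - other
                name:
                  type: string
                  description: The unique package name within its ecosystem.
                  nullable: true
            # Free-form strings: no pattern is shown for the two version
            # fields, so consumers should not assume a parseable range syntax.
            vulnerable_version_range:
              type: string
              description: The range of the package versions affected by the vulnerability.
              nullable: true
            patched_versions:
              type: string
              description: The package version(s) that resolve the vulnerability.
              nullable: true
            vulnerable_functions:
              type: array
              description: The functions in the package that are affected.
              nullable: true
              items:
                type: string
      cwe_ids:
        type: array
        description: A list of Common Weakness Enumeration (CWE) IDs.
        nullable: true
        items:
          type: string
      credits:
        type: array
        description: >-
          A list of users receiving credit for their participation in the
          security advisory.
        nullable: true
        items:
          type: object
          properties:
            login:
              type: string
              description: The username of the user credited.
            type:
              type: string
              description: The type of credit the user is receiving.
              enum:
                - analyst
                - finder
                - reporter
                - coordinator
                - remediation_developer
                - remediation_reviewer
                - remediation_verifier
                - tool
                - sponsor
                - other
      # `severity` and `cvss_vector_string` are alternatives: both descriptions
      # say to set one or the other. The schema as shown does not encode that
      # exclusivity, so callers have to enforce it before sending the request.
      severity:
        type: string
        description: >-
          The severity of the advisory. You must choose between setting this
          field or `cvss_vector_string`.
        nullable: true
        enum:
          - critical
          - high
          - medium
          - low
      cvss_vector_string:
        type: string
        description: >-
          The CVSS vector that calculates the severity of the advisory. You must
          choose between setting this field or `severity`.
        nullable: true
      # Only these three states can be requested; the Output schema on this
      # page additionally lists `withdrawn` and `triage`.
      # NOTE(review): moving an advisory to `published` presumably discloses
      # it; confirm, and gate that transition behind review in automation.
      state:
        type: string
        description: The state of the advisory.
        enum:
          - published
          - closed
          - draft
    title: Data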
Output
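# Response schema for "Update a repository security advisory": the advisory
# as stored after the update.
# Fields marked `readOnly: true` appear only here, in the response schema.
# NOTE(review): the nesting below was reconstructed from a listing whose
# indentation was lost; confirm it against the upstream API description.
type: object
properties:
  ghsa_id:
    type: string
    description: The GitHub Security Advisory ID.
    readOnly: true
  cve_id:
    type: string
    description: The Common Vulnerabilities and Exposures (CVE) ID.
    nullable: true
  url:
    type: string
    description: The API URL for the advisory.
  html_url:
    type: string
    format: uri
    description: The URL for the advisory.
    readOnly: true
  summary:
    type: string
    description: A short summary of the advisory.
    maxLength: 1024
  description:
    type: string
    description: A detailed description of what the advisory entails.
    maxLength: 65535
    nullable: true
  severity:
    type: string
    description: The severity of the advisory.
    nullable: true
    enum:
      - critical
      - high
      - medium
      - low
  # `author`, `publisher` and `credits_detailed[].user` share the same
  # "Simple User" shape; `name` and `email` are nullable in all three.
  author:
    type: object
    title: Simple User
    properties:
      name:
        nullable: true
        type: string
      email:
        nullable: true
        type: string
      login:
        type: string
        example: octocat
      id:
        type: integer
        example: 1
      node_id:
        type: string
        example: MDQ6VXNlcjE=
      avatar_url:
        type: string
        format: uri
        example: https://github.com/images/error/octocat_happy.gif
      gravatar_id:
        type: string
        example: 41d064eb2195891e12d0413f63227ea7
        nullable: true
      url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat
      html_url:
        type: string
        format: uri
        example: https://github.com/octocat
      followers_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/followers
      # The URL fields whose examples contain `{...}` placeholders carry no
      # `format: uri` in this listing, unlike the plain URL fields.
      following_url:
        type: string
        example: https://api.github.com/users/octocat/following{/other_user}
      gists_url:
        type: string
        example: https://api.github.com/users/octocat/gists{/gist_id}
      starred_url:
        type: string
        example: https://api.github.com/users/octocat/starred{/owner}{/repo}
      subscriptions_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/subscriptions
      organizations_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/orgs
      repos_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/repos
      events_url:
        type: string
        example: https://api.github.com/users/octocat/events{/privacy}
      received_events_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/received_events
      type:
        type: string
        example: User
      site_admin:
        type: boolean
      # The example value contains literal double quotes inside the
      # single-quoted scalar; reproduced exactly as listed.
      starred_at:
        type: string
        example: '"2020-07-09T00:17:55Z"'
  publisher:
    type: object
    title: Simple User
    properties:
      name:
        nullable: true
        type: string
      email:
        nullable: true
        type: string
      login:
        type: string
        example: octocat
      id:
        type: integer
        example: 1
      node_id:
        type: string
        example: MDQ6VXNlcjE=
      avatar_url:
        type: string
        format: uri
        example: https://github.com/images/error/octocat_happy.gif
      gravatar_id:
        type: string
        example: 41d064eb2195891e12d0413f63227ea7
        nullable: true
      url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat
      html_url:
        type: string
        format: uri
        example: https://github.com/octocat
      followers_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/followers
      following_url:
        type: string
        example: https://api.github.com/users/octocat/following{/other_user}
      gists_url:
        type: string
        example: https://api.github.com/users/octocat/gists{/gist_id}
      starred_url:
        type: string
        example: https://api.github.com/users/octocat/starred{/owner}{/repo}
      subscriptions_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/subscriptions
      organizations_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/orgs
      repos_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/repos
      events_url:
        type: string
        example: https://api.github.com/users/octocat/events{/privacy}
      received_events_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/received_events
      type:
        type: string
        example: User
      site_admin:
        type: boolean
      starred_at:
        type: string
        example: '"2020-07-09T00:17:55Z"'
  identifiers:
    type: array
    readOnly: true
    items:
      type: object
      properties:
        type:
          type: string
          description: The type of identifier.
          enum:
            - CVE
            - GHSA
        value:
          type: string
          description: The identifier value.
  # The response can report five states; the Input schema on this page
  # accepts only `published`, `closed` and `draft`.
  state:
    type: string
    description: The state of the advisory.
    enum:
      - published
      - closed
      - withdrawn
      - draft
      - triage
  # Lifecycle timestamps: each is read-only and nullable.
  created_at:
    type: string
    format: date-time
    description: The date and time of when the advisory was created, in ISO 8601 format.
    readOnly: true
    nullable: true
  updated_at:
    type: string
    format: date-time
    description: >-
      The date and time of when the advisory was last updated, in ISO 8601
      format.
    readOnly: true
    nullable: true
  published_at:
    type: string
    format: date-time
    description: The date and time of when the advisory was published, in ISO 8601 format.
    readOnly: true
    nullable: true
  closed_at:
    type: string
    format: date-time
    description: The date and time of when the advisory was closed, in ISO 8601 format.
    readOnly: true
    nullable: true
  withdrawn_at:
    type: string
    format: date-time
    description: The date and time of when the advisory was withdrawn, in ISO 8601 format.
    readOnly: true
    nullable: true
  submission:
    type: object
    properties:
      accepted:
        type: boolean
        description: >-
          Whether a private vulnerability report was accepted by the
          repository's administrators.
        # NOTE(review): the flattened listing does not show whether this flag
        # belongs to `accepted` or to `submission`; confirm upstream.
        readOnly: true
  vulnerabilities:
    type: array
    nullable: true
    items:
      type: object
      properties:
        package:
          type: object
          properties:
            ecosystem:
              type: string
              description: The package's language or package management ecosystem.
              enum:
                - rubygems
                - npm
                - pip
                - maven
                - nuget
                - composer
                - go
                - rust
                - erlang
                - actions
                - pub
                - other
            name:
              type: string
              description: The unique package name within its ecosystem.
              nullable: true
        vulnerable_version_range:
          type: string
          description: The range of the package versions affected by the vulnerability.
          nullable: true
        patched_versions:
          type: string
          description: The package version(s) that resolve the vulnerability.
          nullable: true
        vulnerable_functions:
          type: array
          description: The functions in the package that are affected.
          nullable: true
          items:
            type: string
  cvss:
    type: object
    properties:
      vector_string:
        type: string
        description: The CVSS vector.
        nullable: true
      # The score is bounded to the range 0 to 10 by `minimum` and `maximum`.
      score:
        type: number
        description: The CVSS score.
        minimum: 0
        maximum: 10
        nullable: true
        # NOTE(review): the flattened listing does not show whether this flag
        # belongs to `score` or to `cvss`; confirm upstream.
        readOnly: true
  cwes:
    type: array
    nullable: true
    readOnly: true
    items:
      type: object
      properties:
        cwe_id:
          type: string
          description: The Common Weakness Enumeration (CWE) identifier.
        name:
          type: string
          description: The name of the CWE.
          readOnly: true
  cwe_ids:
    type: array
    description: A list of only the CWE IDs.
    nullable: true
    items:
      type: string
  credits:
    type: array
    nullable: true
    items:
      type: object
      properties:
        login:
          type: string
          description: The username of the user credited.
        type:
          type: string
          description: The type of credit the user is receiving.
          enum:
            - analyst
            - finder
            - reporter
            - coordinator
            - remediation_developer
            - remediation_reviewer
            - remediation_verifier
            - tool
            - sponsor
            - other
  # Read-only expansion of `credits`: the full user object, the credit type,
  # and the state of the user's acceptance of the credit.
  credits_detailed:
    type: array
    nullable: true
    readOnly: true
    items:
      type: object
      properties:
        user:
          type: object
          title: Simple User
          properties:
            name:
              nullable: true
              type: string
            email:
              nullable: true
              type: string
            login:
              type: string
              example: octocat
            id:
              type: integer
              example: 1
            node_id:
              type: string
              example: MDQ6VXNlcjE=
            avatar_url:
              type: string
              format: uri
              example: https://github.com/images/error/octocat_happy.gif
            gravatar_id:
              type: string
              example: 41d064eb2195891e12d0413f63227ea7
              nullable: true
            url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat
            html_url:
              type: string
              format: uri
              example: https://github.com/octocat
            followers_url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat/followers
            following_url:
              type: string
              example: https://api.github.com/users/octocat/following{/other_user}
            gists_url:
              type: string
              example: https://api.github.com/users/octocat/gists{/gist_id}
            starred_url:
              type: string
              example: https://api.github.com/users/octocat/starred{/owner}{/repo}
            subscriptions_url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat/subscriptions
            organizations_url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat/orgs
            repos_url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat/repos
            events_url:
              type: string
              example: https://api.github.com/users/octocat/events{/privacy}
            received_events_url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat/received_events
            type:
              type: string
              example: User
            site_admin:
              type: boolean
            starred_at:
              type: string
              example: '"2020-07-09T00:17:55Z"'
        type:
          type: string
          description: The type of credit the user is receiving.
          enum:
            - analyst
            - finder
            - reporter
            - coordinator
            - remediation_developer
            - remediation_reviewer
            - remediation_verifier
            - tool
            - sponsor
            - other
        state:
          type: string
          description: The state of the user's acceptance of the credit.
          enum:
            - accepted
            - declined
            - pending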