Github API

Update a repository security advisory

Update a repository security advisory using its GitHub Security Advisory (GHSA) identifier. You must authenticate using an access token with the repo scope or repository_advisories:write permission to use this endpoint.

In order to update any security advisory, you must be a security manager or administrator of that repository, or a collaborator on the repository security advisory.

Input

type: object
properties:
  parameters:
    type: object
    properties:
      owner:
        type: string
        description: The account owner of the repository. The name is not case sensitive.
      repo:
        type: string
        description: The name of the repository. The name is not case sensitive.
      ghsa_id:
        type: string
        description: The GHSA (GitHub Security Advisory) identifier of the advisory.
    required:
      - owner
      - repo
      - ghsa_id
    title: Parameters
  data:
    type: object
    properties:
      summary:
        type: string
        description: A short summary of the advisory.
        maxLength: 1024
      description:
        type: string
        description: A detailed description of what the advisory impacts.
        maxLength: 65535
      cve_id:
        type: string
        description: The Common Vulnerabilities and Exposures (CVE) ID.
        nullable: true
      vulnerabilities:
        type: array
        description: >-
          A product affected by the vulnerability detailed in a repository
          security advisory.
        items:
          type: object
          properties:
            package:
              type: object
              properties:
                ecosystem:
                  type: string
                  description: The package's language or package management ecosystem.
                  enum:
                    - rubygems
                    - npm
                    - pip
                    - maven
                    - nuget
                    - composer
                    - go
                    - rust
                    - erlang
                    - actions
                    - pub
                    - other
                name:
                  type: string
                  description: The unique package name within its ecosystem.
                  nullable: true
            vulnerable_version_range:
              type: string
              description: The range of the package versions affected by the vulnerability.
              nullable: true
            patched_versions:
              type: string
              description: The package version(s) that resolve the vulnerability.
              nullable: true
            vulnerable_functions:
              type: array
              description: The functions in the package that are affected.
              nullable: true
              items:
                type: string
      cwe_ids:
        type: array
        description: A list of Common Weakness Enumeration (CWE) IDs.
        nullable: true
        items:
          type: string
      credits:
        type: array
        description: >-
          A list of users receiving credit for their participation in the
          security advisory.
        nullable: true
        items:
          type: object
          properties:
            login:
              type: string
              description: The username of the user credited.
            type:
              type: string
              description: The type of credit the user is receiving.
              enum:
                - analyst
                - finder
                - reporter
                - coordinator
                - remediation_developer
                - remediation_reviewer
                - remediation_verifier
                - tool
                - sponsor
                - other
      severity:
        type: string
        description: >-
          The severity of the advisory. You must choose between setting this
          field or `cvss_vector_string`.
        nullable: true
        enum:
          - critical
          - high
          - medium
          - low
      cvss_vector_string:
        type: string
        description: >-
          The CVSS vector that calculates the severity of the advisory. You
          must choose between setting this field or `severity`.
        nullable: true
      state:
        type: string
        description: The state of the advisory.
        enum:
          - published
          - closed
          - draft
    title: Data
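An added example, not part of the original page or GitHub's own code: a pre-flight check that applies the Input schema's length limits, enumerations and the severity / cvss_vector_string choice to an update body, then builds the request without sending it. The `PATCH /repos/{owner}/{repo}/security-advisories/{ghsa_id}` route and the headers are taken from GitHub's REST API rather than from this page, and the function names are illustrative.

```python
import json
import urllib.request
from urllib.parse import quote

# Limits and enumerations copied from the Input schema on this page.
MAX_LEN = {"summary": 1024, "description": 65535}
SEVERITIES = {"critical", "high", "medium", "low"}
STATES = {"published", "closed", "draft"}
ECOSYSTEMS = {"rubygems", "npm", "pip", "maven", "nuget", "composer",
              "go", "rust", "erlang", "actions", "pub", "other"}
CREDIT_TYPES = {"analyst", "finder", "reporter", "coordinator", "tool",
                "remediation_developer", "remediation_reviewer",
                "remediation_verifier", "sponsor", "other"}


def validate_update(data):
    """Return the schema violations in an update body (empty list if none)."""
    errors = []
    for field, limit in MAX_LEN.items():
        if len(data.get(field) or "") > limit:
            errors.append(f"{field}: longer than {limit} characters")
    # The schema says to choose one of severity / cvss_vector_string.
    if data.get("severity") is not None and data.get("cvss_vector_string") is not None:
        errors.append("severity: cannot be combined with cvss_vector_string")
    checks = [("severity", data.get("severity"), SEVERITIES),
              ("state", data.get("state"), STATES)]
    for i, vuln in enumerate(data.get("vulnerabilities") or []):
        eco = (vuln.get("package") or {}).get("ecosystem")
        checks.append((f"vulnerabilities[{i}].package.ecosystem", eco, ECOSYSTEMS))
    for i, credit in enumerate(data.get("credits") or []):
        checks.append((f"credits[{i}].type", credit.get("type"), CREDIT_TYPES))
    errors += [f"{path}: {value!r} is not an allowed value"
               for path, value, allowed in checks
               if value is not None and value not in allowed]
    return errors


def build_update_request(owner, repo, ghsa_id, data, token):
    """Build, without sending, the PATCH request for a validated update body."""
    errors = validate_update(data)
    if errors:
        raise ValueError("; ".join(errors))
    # Percent-encode each segment so a "/" or "?" in an input cannot alter the path.
    url = "https://api.github.com/repos/{}/{}/security-advisories/{}".format(
        *(quote(p, safe="") for p in (owner, repo, ghsa_id)))
    headers = {"Accept": "application/vnd.github+json",
               "Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(data).encode(),
                                  method="PATCH", headers=headers)
```

The input `state` enum is narrower than the one in the Output schema, so a value such as `withdrawn` or `triage` read back from an advisory is reported here rather than sent.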

Output

type: object
properties:
  ghsa_id:
    type: string
    description: The GitHub Security Advisory ID.
    readOnly: true
  cve_id:
    type: string
    description: The Common Vulnerabilities and Exposures (CVE) ID.
    nullable: true
  url:
    type: string
    description: The API URL for the advisory.
  html_url:
    type: string
    format: uri
    description: The URL for the advisory.
    readOnly: true
  summary:
    type: string
    description: A short summary of the advisory.
    maxLength: 1024
  description:
    type: string
    description: A detailed description of what the advisory entails.
    maxLength: 65535
    nullable: true
  severity:
    type: string
    description: The severity of the advisory.
    nullable: true
    enum:
      - critical
      - high
      - medium
      - low
  author:
    type: object
    title: Simple User
    properties:
      name:
        nullable: true
        type: string
      email:
        nullable: true
        type: string
      login:
        type: string
        example: octocat
      id:
        type: integer
        example: 1
      node_id:
        type: string
        example: MDQ6VXNlcjE=
      avatar_url:
        type: string
        format: uri
        example: https://github.com/images/error/octocat_happy.gif
      gravatar_id:
        type: string
        example: 41d064eb2195891e12d0413f63227ea7
        nullable: true
      url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat
      html_url:
        type: string
        format: uri
        example: https://github.com/octocat
      followers_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/followers
      following_url:
        type: string
        example: https://api.github.com/users/octocat/following{/other_user}
      gists_url:
        type: string
        example: https://api.github.com/users/octocat/gists{/gist_id}
      starred_url:
        type: string
        example: https://api.github.com/users/octocat/starred{/owner}{/repo}
      subscriptions_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/subscriptions
      organizations_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/orgs
      repos_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/repos
      events_url:
        type: string
        example: https://api.github.com/users/octocat/events{/privacy}
      received_events_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/received_events
      type:
        type: string
        example: User
      site_admin:
        type: boolean
      starred_at:
        type: string
        example: '"2020-07-09T00:17:55Z"'
  publisher:
    type: object
    title: Simple User
    properties:
      name:
        nullable: true
        type: string
      email:
        nullable: true
        type: string
      login:
        type: string
        example: octocat
      id:
        type: integer
        example: 1
      node_id:
        type: string
        example: MDQ6VXNlcjE=
      avatar_url:
        type: string
        format: uri
        example: https://github.com/images/error/octocat_happy.gif
      gravatar_id:
        type: string
        example: 41d064eb2195891e12d0413f63227ea7
        nullable: true
      url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat
      html_url:
        type: string
        format: uri
        example: https://github.com/octocat
      followers_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/followers
      following_url:
        type: string
        example: https://api.github.com/users/octocat/following{/other_user}
      gists_url:
        type: string
        example: https://api.github.com/users/octocat/gists{/gist_id}
      starred_url:
        type: string
        example: https://api.github.com/users/octocat/starred{/owner}{/repo}
      subscriptions_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/subscriptions
      organizations_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/orgs
      repos_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/repos
      events_url:
        type: string
        example: https://api.github.com/users/octocat/events{/privacy}
      received_events_url:
        type: string
        format: uri
        example: https://api.github.com/users/octocat/received_events
      type:
        type: string
        example: User
      site_admin:
        type: boolean
      starred_at:
        type: string
        example: '"2020-07-09T00:17:55Z"'
  identifiers:
    type: array
    readOnly: true
    items:
      type: object
      properties:
        type:
          type: string
          description: The type of identifier.
          enum:
            - CVE
            - GHSA
        value:
          type: string
          description: The identifier value.
  state:
    type: string
    description: The state of the advisory.
    enum:
      - published
      - closed
      - withdrawn
      - draft
      - triage
  created_at:
    type: string
    format: date-time
    description: The date and time of when the advisory was created, in ISO 8601 format.
    readOnly: true
    nullable: true
  updated_at:
    type: string
    format: date-time
    description: >-
      The date and time of when the advisory was last updated, in ISO 8601
      format.
    readOnly: true
    nullable: true
  published_at:
    type: string
    format: date-time
    description: The date and time of when the advisory was published, in ISO 8601 format.
    readOnly: true
    nullable: true
  closed_at:
    type: string
    format: date-time
    description: The date and time of when the advisory was closed, in ISO 8601 format.
    readOnly: true
    nullable: true
  withdrawn_at:
    type: string
    format: date-time
    description: The date and time of when the advisory was withdrawn, in ISO 8601 format.
    readOnly: true
    nullable: true
  submission:
    type: object
    properties:
      accepted:
        type: boolean
        description: >-
          Whether a private vulnerability report was accepted by the
          repository's administrators.
        readOnly: true
  vulnerabilities:
    type: array
    nullable: true
    items:
      type: object
      properties:
        package:
          type: object
          properties:
            ecosystem:
              type: string
              description: The package's language or package management ecosystem.
              enum:
                - rubygems
                - npm
                - pip
                - maven
                - nuget
                - composer
                - go
                - rust
                - erlang
                - actions
                - pub
                - other
            name:
              type: string
              description: The unique package name within its ecosystem.
              nullable: true
        vulnerable_version_range:
          type: string
          description: The range of the package versions affected by the vulnerability.
          nullable: true
        patched_versions:
          type: string
          description: The package version(s) that resolve the vulnerability.
          nullable: true
        vulnerable_functions:
          type: array
          description: The functions in the package that are affected.
          nullable: true
          items:
            type: string
  cvss:
    type: object
    properties:
      vector_string:
        type: string
        description: The CVSS vector.
        nullable: true
      score:
        type: number
        description: The CVSS score.
        minimum: 0
        maximum: 10
        nullable: true
        readOnly: true
  cwes:
    type: array
    nullable: true
    readOnly: true
    items:
      type: object
      properties:
        cwe_id:
          type: string
          description: The Common Weakness Enumeration (CWE) identifier.
        name:
          type: string
          description: The name of the CWE.
          readOnly: true
  cwe_ids:
    type: array
    description: A list of only the CWE IDs.
    nullable: true
    items:
      type: string
  credits:
    type: array
    nullable: true
    items:
      type: object
      properties:
        login:
          type: string
          description: The username of the user credited.
        type:
          type: string
          description: The type of credit the user is receiving.
          enum:
            - analyst
            - finder
            - reporter
            - coordinator
            - remediation_developer
            - remediation_reviewer
            - remediation_verifier
            - tool
            - sponsor
            - other
  credits_detailed:
    type: array
    nullable: true
    readOnly: true
    items:
      type: object
      properties:
        user:
          type: object
          title: Simple User
          properties:
            name:
              nullable: true
              type: string
            email:
              nullable: true
              type: string
            login:
              type: string
              example: octocat
            id:
              type: integer
              example: 1
            node_id:
              type: string
              example: MDQ6VXNlcjE=
            avatar_url:
              type: string
              format: uri
              example: https://github.com/images/error/octocat_happy.gif
            gravatar_id:
              type: string
              example: 41d064eb2195891e12d0413f63227ea7
              nullable: true
            url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat
            html_url:
              type: string
              format: uri
              example: https://github.com/octocat
            followers_url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat/followers
            following_url:
              type: string
              example: https://api.github.com/users/octocat/following{/other_user}
            gists_url:
              type: string
              example: https://api.github.com/users/octocat/gists{/gist_id}
            starred_url:
              type: string
              example: https://api.github.com/users/octocat/starred{/owner}{/repo}
            subscriptions_url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat/subscriptions
            organizations_url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat/orgs
            repos_url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat/repos
            events_url:
              type: string
              example: https://api.github.com/users/octocat/events{/privacy}
            received_events_url:
              type: string
              format: uri
              example: https://api.github.com/users/octocat/received_events
            type:
              type: string
              example: User
            site_admin:
              type: boolean
            starred_at:
              type: string
              example: '"2020-07-09T00:17:55Z"'
        type:
          type: string
          description: The type of credit the user is receiving.
          enum:
            - analyst
            - finder
            - reporter
            - coordinator
            - remediation_developer
            - remediation_reviewer
            - remediation_verifier
            - tool
            - sponsor
            - other
        state:
          type: string
          description: The state of the user's acceptance of the credit.
          enum:
            - accepted
            - declined
            - pending