Puntos de conexión de API de REST para avisos de seguridad globales
Usa la API REST para ver avisos de seguridad globales.
List global security advisories
Lists all global security advisories that match the specified parameters. If no other parameters are defined, the request will return only GitHub-reviewed advisories that are not malware.
By default, all responses will exclude advisories for malware, because malware are not standard vulnerabilities. To list advisories for malware, you must include the type
parameter in your request, with the value malware
. For more information about the different types of security advisories, see "About the GitHub Advisory database."
Tokens de acceso específicos para "List global security advisories"
Este punto de conexión funciona con los siguientes tipos de token pormenorizados:
- Tokens de acceso de usuario de la aplicación de GitHub
- Token de acceso a la instalación de la aplicación de GitHub
- Tokens de acceso personal específico
El token pormenorizado no requiere ningún permiso.
Este punto de conexión se puede usar sin autenticación si solo se solicitan recursos públicos.
Parámetros para "List global security advisories"
Nombre, Tipo, Descripción |
---|
accept string Setting to |
Nombre, Tipo, Descripción |
---|
ghsa_id string If specified, only advisories with this GHSA (GitHub Security Advisory) identifier will be returned. |
type string If specified, only advisories of this type will be returned. By default, a request with no other parameters defined will only return reviewed advisories that are not malware. Valor predeterminado: Puede ser uno de los siguientes: |
cve_id string If specified, only advisories with this CVE (Common Vulnerabilities and Exposures) identifier will be returned. |
ecosystem string If specified, only advisories for these ecosystems will be returned. Puede ser uno de los siguientes: |
severity string If specified, only advisories with these severities will be returned. Puede ser uno de los siguientes: |
cwes If specified, only advisories with these Common Weakness Enumerations (CWEs) will be returned. Example: |
is_withdrawn boolean Whether to only return advisories that have been withdrawn. |
affects If specified, only return advisories that affect any of Example: |
published string If specified, only return advisories that were published on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
updated string If specified, only return advisories that were updated on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
modified string If specified, only show advisories that were updated or published on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
epss_percentage string If specified, only return advisories that have an EPSS percentage score that matches the provided value. The EPSS percentage represents the likelihood of a CVE being exploited. |
epss_percentile string If specified, only return advisories that have an EPSS percentile score that matches the provided value. The EPSS percentile represents the relative rank of the CVE's likelihood of being exploited compared to other CVEs. |
before string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
after string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
direction string The direction to sort the results by. Valor predeterminado: Puede ser uno de los siguientes: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Valor predeterminado: |
sort string The property to sort the results by. Valor predeterminado: Puede ser uno de los siguientes: |
Códigos de estado de respuesta HTTP para "List global security advisories"
status code | Descripción |
---|---|
200 | OK |
422 | Validation failed, or the endpoint has been spammed. |
429 | Too many requests |
Ejemplos de código para "List global security advisories"
Si accedes a GitHub en GHE.com, reemplaza api.github.com
por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com
.
Ejemplo de solicitud
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/advisories
Response
Status: 200
[
{
"id": 1,
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/advisories/GHSA-abcd-1234-efgh",
"repository_advisory_url": "https://api.github.com/repos/project/a-package/security-advisories/GHSA-abcd-1234-efgh",
"summary": "Heartbleed security advisory",
"description": "This bug allows an attacker to read portions of the affected server’s memory, potentially disclosing sensitive information.",
"type": "reviewed",
"severity": "high",
"source_code_location": "https://github.com/project/a-package",
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2050-00000"
],
"published_at": "2023-03-23T02:30:56Z",
"updated_at": "2023-03-24T02:30:56Z",
"github_reviewed_at": "2023-03-23T02:30:56Z",
"nvd_published_at": "2023-03-25T02:30:56Z",
"withdrawn_at": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "npm",
"name": "a-package"
},
"first_patched_version": "1.0.3",
"vulnerable_version_range": "<=1.0.2",
"vulnerable_functions": [
"a_function"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"score": 7.6
},
"cvss_severities": {
"cvss_v3": {
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"score": 7.6
},
"cvss_v4": {
"vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"score": 9.3
}
},
"cwes": [
{
"cwe_id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
}
],
"epss": [
{
"percentage": 0.00045,
"percentile": "0.16001e0"
}
],
"credits": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst"
}
]
}
]
Get a global security advisory
Gets a global security advisory using its GitHub Security Advisory (GHSA) identifier.
Tokens de acceso específicos para "Get a global security advisory"
Este punto de conexión funciona con los siguientes tipos de token pormenorizados:
- Tokens de acceso de usuario de la aplicación de GitHub
- Token de acceso a la instalación de la aplicación de GitHub
- Tokens de acceso personal específico
El token pormenorizado no requiere ningún permiso.
Este punto de conexión se puede usar sin autenticación si solo se solicitan recursos públicos.
Parámetros para "Get a global security advisory"
Nombre, Tipo, Descripción |
---|
accept string Setting to |
Nombre, Tipo, Descripción |
---|
ghsa_id string RequeridoThe GHSA (GitHub Security Advisory) identifier of the advisory. |
Códigos de estado de respuesta HTTP para "Get a global security advisory"
status code | Descripción |
---|---|
200 | OK |
404 | Resource not found |
Ejemplos de código para "Get a global security advisory"
Si accedes a GitHub en GHE.com, reemplaza api.github.com
por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com
.
Ejemplo de solicitud
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/advisories/GHSA_ID
Response
Status: 200
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/advisories/GHSA-abcd-1234-efgh",
"repository_advisory_url": "https://api.github.com/repos/project/a-package/security-advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"type": "reviewed",
"severity": "high",
"source_code_location": "https://github.com/project/a-package",
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2050-00000"
],
"published_at": "2023-03-23T02:30:56Z",
"updated_at": "2023-03-24T02:30:56Z",
"github_reviewed_at": "2023-03-23T02:30:56Z",
"nvd_published_at": "2023-03-25T02:30:56Z",
"withdrawn_at": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "npm",
"name": "a-package"
},
"first_patched_version": "1.0.3",
"vulnerable_version_range": "<=1.0.2",
"vulnerable_functions": [
"a_function"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"score": 7.6
},
"cvss_severities": {
"cvss_v3": {
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"score": 7.6
},
"cvss_v4": {
"vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"score": 9.3
}
},
"cwes": [
{
"cwe_id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
}
],
"credits": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst"
}
]
}