リポジトリセキュリティアドバイザリ

リポジトリセキュリティアドバイザリを表示し、管理するには、REST API を使います。

List repository security advisories for an organization

Lists repository security advisories for an organization.

To use this endpoint, you must be an owner or security manager for the organization, and you must use an access token with the repo scope or repository_advisories:write permission.

"List repository security advisories for an organization" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`org` string 必須 The organization name. The name is not case sensitive.

クエリパラメーター
名前, Type, 説明
`direction` string The direction to sort the results by. Default: `desc` 次のいずれかにできます: `asc`, `desc`
`sort` string The property to sort the results by. Default: `created` 次のいずれかにできます: `created`, `updated`, `published`
`before` string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor.
`after` string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor.
`per_page` integer The number of advisories to return per page. Default: `30`
`state` string Filter by the state of the repository advisories. Only advisories of this state will be returned. 次のいずれかにできます: `triage`, `draft`, `published`, `closed`

"List repository security advisories for an organization" の HTTP 応答状態コード

状態コード	説明
`200`	OK
`400`	Bad Request
`404`	Resource not found

"List repository security advisories for an organization" のコードサンプル

get/orgs/{org}/security-advisories

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/security-advisories

Response

Status: 200

[
  {
    "ghsa_id": "GHSA-abcd-1234-efgh",
    "cve_id": "CVE-2050-00000",
    "url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
    "html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
    "summary": "A short summary of the advisory.",
    "description": "A detailed description of what the advisory entails.",
    "severity": "critical",
    "author": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "publisher": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "identifiers": [
      {
        "type": "GHSA",
        "value": "GHSA-abcd-1234-efgh"
      },
      {
        "type": "CVE",
        "value": "CVE-2050-00000"
      }
    ],
    "state": "published",
    "created_at": "2020-01-01T00:00:00Z",
    "updated_at": "2020-01-02T00:00:00Z",
    "published_at": "2020-01-03T00:00:00Z",
    "closed_at": null,
    "withdrawn_at": null,
    "submission": null,
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "pip",
          "name": "a-package"
        },
        "vulnerable_version_range": ">= 1.0.0, < 1.0.1",
        "patched_versions": "1.0.1",
        "vulnerable_functions": [
          "function1"
        ]
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "another-package"
        },
        "vulnerable_version_range": ">= 1.0.0, < 1.0.2",
        "patched_versions": "1.0.2",
        "vulnerable_functions": [
          "function2"
        ]
      }
    ],
    "cvss": {
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "score": 9.8
    },
    "cwes": [
      {
        "cwe_id": "CWE-123",
        "name": "A CWE"
      }
    ],
    "cwe_ids": [
      "CWE-123"
    ],
    "credits": [
      {
        "login": "octocat",
        "type": "analyst"
      }
    ],
    "credits_detailed": [
      {
        "user": {
          "login": "octocat",
          "id": 1,
          "node_id": "MDQ6VXNlcjE=",
          "avatar_url": "https://github.com/images/error/octocat_happy.gif",
          "gravatar_id": "",
          "url": "https://api.github.com/users/octocat",
          "html_url": "https://github.com/octocat",
          "followers_url": "https://api.github.com/users/octocat/followers",
          "following_url": "https://api.github.com/users/octocat/following{/other_user}",
          "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
          "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
          "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
          "organizations_url": "https://api.github.com/users/octocat/orgs",
          "repos_url": "https://api.github.com/users/octocat/repos",
          "events_url": "https://api.github.com/users/octocat/events{/privacy}",
          "received_events_url": "https://api.github.com/users/octocat/received_events",
          "type": "User",
          "site_admin": false
        },
        "type": "analyst",
        "state": "accepted"
      }
    ],
    "collaborating_users": [
      {
        "login": "octokitten",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octokitten_happy.gif",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octokitten",
        "html_url": "https://github.com/octokitten",
        "followers_url": "https://api.github.com/users/octokitten/followers",
        "following_url": "https://api.github.com/users/octokitten/following{/other_user}",
        "gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
        "organizations_url": "https://api.github.com/users/octokitten/orgs",
        "repos_url": "https://api.github.com/users/octokitten/repos",
        "events_url": "https://api.github.com/users/octokitten/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octokitten/received_events",
        "type": "User",
        "site_admin": false
      }
    ],
    "collaborating_teams": [
      {
        "name": "Justice League",
        "id": 1,
        "node_id": "MDQ6VGVhbTE=",
        "slug": "justice-league",
        "description": "A great team.",
        "privacy": "closed",
        "notification_setting": "notifications_enabled",
        "url": "https://api.github.com/teams/1",
        "html_url": "https://github.com/orgs/github/teams/justice-league",
        "members_url": "https://api.github.com/teams/1/members{/member}",
        "repositories_url": "https://api.github.com/teams/1/repos",
        "permission": "admin",
        "parent": null
      }
    ]
  },
  {
    "ghsa_id": "GHSA-1234-5678-9012",
    "cve_id": "CVE-2051-0000",
    "url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-1234-5678-9012",
    "html_url": "https://github.com/repo/a-package/security/advisories/GHSA-1234-5678-9012",
    "summary": "A short summary of the advisory.",
    "description": "A detailed description of what the advisory entails.",
    "severity": "low",
    "author": {
      "login": "monauser",
      "id": 2,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/monauser",
      "html_url": "https://github.com/monauser",
      "followers_url": "https://api.github.com/users/monauser/followers",
      "following_url": "https://api.github.com/users/monauser/following{/other_user}",
      "gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
      "organizations_url": "https://api.github.com/users/monauser/orgs",
      "repos_url": "https://api.github.com/users/monauser/repos",
      "events_url": "https://api.github.com/users/monauser/events{/privacy}",
      "received_events_url": "https://api.github.com/users/monauser/received_events",
      "type": "User",
      "site_admin": false
    },
    "publisher": {
      "login": "monalisa",
      "id": 3,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/monalisa",
      "html_url": "https://github.com/monalisa",
      "followers_url": "https://api.github.com/users/monalisa/followers",
      "following_url": "https://api.github.com/users/monalisa/following{/other_user}",
      "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions",
      "organizations_url": "https://api.github.com/users/monalisa/orgs",
      "repos_url": "https://api.github.com/users/monalisa/repos",
      "events_url": "https://api.github.com/users/monalisa/events{/privacy}",
      "received_events_url": "https://api.github.com/users/monalisa/received_events",
      "type": "User",
      "site_admin": false
    },
    "identifiers": [
      {
        "type": "GHSA",
        "value": "GHSA-1234-5678-9012"
      },
      {
        "type": "CVE",
        "value": "CVE-2051-00000"
      }
    ],
    "state": "published",
    "created_at": "2020-01-03T00:00:00Z",
    "updated_at": "2020-01-04T00:00:00Z",
    "published_at": "2020-01-04T00:00:00Z",
    "closed_at": null,
    "withdrawn_at": null,
    "submission": [
      {
        "accepted": true
      }
    ],
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "pip",
          "name": "a-package"
        },
        "vulnerable_version_range": ">= 1.0.0, < 1.0.1",
        "patched_versions": "1.0.1",
        "vulnerable_functions": [
          "function1"
        ]
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "another-package"
        },
        "vulnerable_version_range": ">= 1.0.0, < 1.0.2",
        "patched_versions": "1.0.2",
        "vulnerable_functions": [
          "function2"
        ]
      }
    ],
    "cvss": {
      "vector_string": "AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
      "score": 1.6
    },
    "cwes": [
      {
        "cwe_id": "CWE-456",
        "name": "A CWE 2.0"
      }
    ],
    "cwe_ids": [
      "CWE-456"
    ],
    "credits": [
      {
        "login": "monauser",
        "type": "reporter"
      }
    ],
    "credits_detailed": [
      {
        "user": {
          "login": "monauser",
          "id": 2,
          "node_id": "MDQ6VXNlcjE=",
          "avatar_url": "https://github.com/images/error/octocat_happy.gif",
          "gravatar_id": "",
          "url": "https://api.github.com/users/monauser",
          "html_url": "https://github.com/monauser",
          "followers_url": "https://api.github.com/users/monauser/followers",
          "following_url": "https://api.github.com/users/monauser/following{/other_user}",
          "gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
          "starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
          "subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
          "organizations_url": "https://api.github.com/users/monauser/orgs",
          "repos_url": "https://api.github.com/users/monauser/repos",
          "events_url": "https://api.github.com/users/monauser/events{/privacy}",
          "received_events_url": "https://api.github.com/users/monauser/received_events",
          "type": "User",
          "site_admin": false
        },
        "type": "reporter",
        "state": "accepted"
      }
    ],
    "collaborating_users": [
      {
        "login": "octokitten",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octokitten_happy.gif",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octokitten",
        "html_url": "https://github.com/octokitten",
        "followers_url": "https://api.github.com/users/octokitten/followers",
        "following_url": "https://api.github.com/users/octokitten/following{/other_user}",
        "gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
        "organizations_url": "https://api.github.com/users/octokitten/orgs",
        "repos_url": "https://api.github.com/users/octokitten/repos",
        "events_url": "https://api.github.com/users/octokitten/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octokitten/received_events",
        "type": "User",
        "site_admin": false
      }
    ],
    "collaborating_teams": [
      {
        "name": "Justice League",
        "id": 1,
        "node_id": "MDQ6VGVhbTE=",
        "slug": "justice-league",
        "description": "A great team.",
        "privacy": "closed",
        "notification_setting": "notifications_enabled",
        "url": "https://api.github.com/teams/1",
        "html_url": "https://github.com/orgs/github/teams/justice-league",
        "members_url": "https://api.github.com/teams/1/members{/member}",
        "repositories_url": "https://api.github.com/teams/1/repos",
        "permission": "admin",
        "parent": null
      }
    ]
  }
]

List repository security advisories

に対応 GitHub Apps

Lists security advisories in a repository. You must authenticate using an access token with the repo scope or repository_advisories:read permission in order to get published security advisories in a private repository, or any unpublished security advisories that you have access to.

You can access unpublished security advisories from a repository if you are a security manager or administrator of that repository, or if you are a collaborator on any security advisory.

"List repository security advisories" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.

クエリパラメーター
名前, Type, 説明
`direction` string The direction to sort the results by. Default: `desc` 次のいずれかにできます: `asc`, `desc`
`sort` string The property to sort the results by. Default: `created` 次のいずれかにできます: `created`, `updated`, `published`
`before` string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor.
`after` string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor.
`per_page` integer Number of advisories to return per page. Default: `30`
`state` string Filter by state of the repository advisories. Only advisories of this state will be returned. 次のいずれかにできます: `triage`, `draft`, `published`, `closed`

"List repository security advisories" の HTTP 応答状態コード

状態コード	説明
`200`	OK
`400`	Bad Request
`404`	Resource not found

"List repository security advisories" のコードサンプル

get/repos/{owner}/{repo}/security-advisories

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/security-advisories

Response

Status: 200

[
  {
    "ghsa_id": "GHSA-abcd-1234-efgh",
    "cve_id": "CVE-2050-00000",
    "url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
    "html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
    "summary": "A short summary of the advisory.",
    "description": "A detailed description of what the advisory entails.",
    "severity": "critical",
    "author": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "publisher": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "identifiers": [
      {
        "type": "GHSA",
        "value": "GHSA-abcd-1234-efgh"
      },
      {
        "type": "CVE",
        "value": "CVE-2050-00000"
      }
    ],
    "state": "published",
    "created_at": "2020-01-01T00:00:00Z",
    "updated_at": "2020-01-02T00:00:00Z",
    "published_at": "2020-01-03T00:00:00Z",
    "closed_at": null,
    "withdrawn_at": null,
    "submission": null,
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "pip",
          "name": "a-package"
        },
        "vulnerable_version_range": ">= 1.0.0, < 1.0.1",
        "patched_versions": "1.0.1",
        "vulnerable_functions": [
          "function1"
        ]
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "another-package"
        },
        "vulnerable_version_range": ">= 1.0.0, < 1.0.2",
        "patched_versions": "1.0.2",
        "vulnerable_functions": [
          "function2"
        ]
      }
    ],
    "cvss": {
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "score": 9.8
    },
    "cwes": [
      {
        "cwe_id": "CWE-123",
        "name": "A CWE"
      }
    ],
    "cwe_ids": [
      "CWE-123"
    ],
    "credits": [
      {
        "login": "octocat",
        "type": "analyst"
      }
    ],
    "credits_detailed": [
      {
        "user": {
          "login": "octocat",
          "id": 1,
          "node_id": "MDQ6VXNlcjE=",
          "avatar_url": "https://github.com/images/error/octocat_happy.gif",
          "gravatar_id": "",
          "url": "https://api.github.com/users/octocat",
          "html_url": "https://github.com/octocat",
          "followers_url": "https://api.github.com/users/octocat/followers",
          "following_url": "https://api.github.com/users/octocat/following{/other_user}",
          "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
          "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
          "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
          "organizations_url": "https://api.github.com/users/octocat/orgs",
          "repos_url": "https://api.github.com/users/octocat/repos",
          "events_url": "https://api.github.com/users/octocat/events{/privacy}",
          "received_events_url": "https://api.github.com/users/octocat/received_events",
          "type": "User",
          "site_admin": false
        },
        "type": "analyst",
        "state": "accepted"
      }
    ],
    "collaborating_users": [
      {
        "login": "octokitten",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octokitten_happy.gif",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octokitten",
        "html_url": "https://github.com/octokitten",
        "followers_url": "https://api.github.com/users/octokitten/followers",
        "following_url": "https://api.github.com/users/octokitten/following{/other_user}",
        "gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
        "organizations_url": "https://api.github.com/users/octokitten/orgs",
        "repos_url": "https://api.github.com/users/octokitten/repos",
        "events_url": "https://api.github.com/users/octokitten/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octokitten/received_events",
        "type": "User",
        "site_admin": false
      }
    ],
    "collaborating_teams": [
      {
        "name": "Justice League",
        "id": 1,
        "node_id": "MDQ6VGVhbTE=",
        "slug": "justice-league",
        "description": "A great team.",
        "privacy": "closed",
        "notification_setting": "notifications_enabled",
        "url": "https://api.github.com/teams/1",
        "html_url": "https://github.com/orgs/github/teams/justice-league",
        "members_url": "https://api.github.com/teams/1/members{/member}",
        "repositories_url": "https://api.github.com/teams/1/repos",
        "permission": "admin",
        "parent": null
      }
    ]
  },
  {
    "ghsa_id": "GHSA-1234-5678-9012",
    "cve_id": "CVE-2051-0000",
    "url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-1234-5678-9012",
    "html_url": "https://github.com/repo/a-package/security/advisories/GHSA-1234-5678-9012",
    "summary": "A short summary of the advisory.",
    "description": "A detailed description of what the advisory entails.",
    "severity": "low",
    "author": {
      "login": "monauser",
      "id": 2,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/monauser",
      "html_url": "https://github.com/monauser",
      "followers_url": "https://api.github.com/users/monauser/followers",
      "following_url": "https://api.github.com/users/monauser/following{/other_user}",
      "gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
      "organizations_url": "https://api.github.com/users/monauser/orgs",
      "repos_url": "https://api.github.com/users/monauser/repos",
      "events_url": "https://api.github.com/users/monauser/events{/privacy}",
      "received_events_url": "https://api.github.com/users/monauser/received_events",
      "type": "User",
      "site_admin": false
    },
    "publisher": {
      "login": "monalisa",
      "id": 3,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/monalisa",
      "html_url": "https://github.com/monalisa",
      "followers_url": "https://api.github.com/users/monalisa/followers",
      "following_url": "https://api.github.com/users/monalisa/following{/other_user}",
      "gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/monalisa/subscriptions",
      "organizations_url": "https://api.github.com/users/monalisa/orgs",
      "repos_url": "https://api.github.com/users/monalisa/repos",
      "events_url": "https://api.github.com/users/monalisa/events{/privacy}",
      "received_events_url": "https://api.github.com/users/monalisa/received_events",
      "type": "User",
      "site_admin": false
    },
    "identifiers": [
      {
        "type": "GHSA",
        "value": "GHSA-1234-5678-9012"
      },
      {
        "type": "CVE",
        "value": "CVE-2051-00000"
      }
    ],
    "state": "published",
    "created_at": "2020-01-03T00:00:00Z",
    "updated_at": "2020-01-04T00:00:00Z",
    "published_at": "2020-01-04T00:00:00Z",
    "closed_at": null,
    "withdrawn_at": null,
    "submission": [
      {
        "accepted": true
      }
    ],
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "pip",
          "name": "a-package"
        },
        "vulnerable_version_range": ">= 1.0.0, < 1.0.1",
        "patched_versions": "1.0.1",
        "vulnerable_functions": [
          "function1"
        ]
      },
      {
        "package": {
          "ecosystem": "pip",
          "name": "another-package"
        },
        "vulnerable_version_range": ">= 1.0.0, < 1.0.2",
        "patched_versions": "1.0.2",
        "vulnerable_functions": [
          "function2"
        ]
      }
    ],
    "cvss": {
      "vector_string": "AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
      "score": 1.6
    },
    "cwes": [
      {
        "cwe_id": "CWE-456",
        "name": "A CWE 2.0"
      }
    ],
    "cwe_ids": [
      "CWE-456"
    ],
    "credits": [
      {
        "login": "monauser",
        "type": "reporter"
      }
    ],
    "credits_detailed": [
      {
        "user": {
          "login": "monauser",
          "id": 2,
          "node_id": "MDQ6VXNlcjE=",
          "avatar_url": "https://github.com/images/error/octocat_happy.gif",
          "gravatar_id": "",
          "url": "https://api.github.com/users/monauser",
          "html_url": "https://github.com/monauser",
          "followers_url": "https://api.github.com/users/monauser/followers",
          "following_url": "https://api.github.com/users/monauser/following{/other_user}",
          "gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
          "starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
          "subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
          "organizations_url": "https://api.github.com/users/monauser/orgs",
          "repos_url": "https://api.github.com/users/monauser/repos",
          "events_url": "https://api.github.com/users/monauser/events{/privacy}",
          "received_events_url": "https://api.github.com/users/monauser/received_events",
          "type": "User",
          "site_admin": false
        },
        "type": "reporter",
        "state": "accepted"
      }
    ],
    "collaborating_users": [
      {
        "login": "octokitten",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octokitten_happy.gif",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octokitten",
        "html_url": "https://github.com/octokitten",
        "followers_url": "https://api.github.com/users/octokitten/followers",
        "following_url": "https://api.github.com/users/octokitten/following{/other_user}",
        "gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
        "organizations_url": "https://api.github.com/users/octokitten/orgs",
        "repos_url": "https://api.github.com/users/octokitten/repos",
        "events_url": "https://api.github.com/users/octokitten/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octokitten/received_events",
        "type": "User",
        "site_admin": false
      }
    ],
    "collaborating_teams": [
      {
        "name": "Justice League",
        "id": 1,
        "node_id": "MDQ6VGVhbTE=",
        "slug": "justice-league",
        "description": "A great team.",
        "privacy": "closed",
        "notification_setting": "notifications_enabled",
        "url": "https://api.github.com/teams/1",
        "html_url": "https://github.com/orgs/github/teams/justice-league",
        "members_url": "https://api.github.com/teams/1/members{/member}",
        "repositories_url": "https://api.github.com/teams/1/repos",
        "permission": "admin",
        "parent": null
      }
    ]
  }
]

Create a repository security advisory

に対応 GitHub Apps

Creates a new repository security advisory. You must authenticate using an access token with the repo scope or repository_advisories:write permission to use this endpoint.

In order to create a draft repository security advisory, you must be a security manager or administrator of that repository.

"Create a repository security advisory" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.

名前, Type, 説明

summary string 必須

A short summary of the advisory.

description string 必須

A detailed description of what the advisory impacts.

cve_id string or null

The Common Vulnerabilities and Exposures (CVE) ID.

vulnerabilities array of objects 必須

A product affected by the vulnerability detailed in a repository security advisory.

Properties of vulnerabilities

名前, Type, 説明

package object 必須

The name of the package affected by the vulnerability.

Properties of package

名前, Type, 説明
`ecosystem` string 必須 The package's language or package management ecosystem. 次のいずれかにできます: `rubygems`, `npm`, `pip`, `maven`, `nuget`, `composer`, `go`, `rust`, `erlang`, `actions`, `pub`, `other`, `swift`
`name` string or null The unique package name within its ecosystem.

vulnerable_version_range string or null

The range of the package versions affected by the vulnerability.

patched_versions string or null

The package version(s) that resolve the vulnerability.

vulnerable_functions array of strings or null

The functions in the package that are affected.

cwe_ids array of strings or null

A list of Common Weakness Enumeration (CWE) IDs.

credits array of objects or null

A list of users receiving credit for their participation in the security advisory.

Properties of credits

名前, Type, 説明
`login` string 必須 The username of the user credited.
`type` string 必須 The type of credit the user is receiving. 次のいずれかにできます: `analyst`, `finder`, `reporter`, `coordinator`, `remediation_developer`, `remediation_reviewer`, `remediation_verifier`, `tool`, `sponsor`, `other`

severity string or null

The severity of the advisory. You must choose between setting this field or cvss_vector_string.

次のいずれかにできます: critical, high, medium, low, null

cvss_vector_string string or null

The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity.

"Create a repository security advisory" の HTTP 応答状態コード

状態コード	説明
`201`	Created
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

"Create a repository security advisory" のコードサンプル

post/repos/{owner}/{repo}/security-advisories

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/security-advisories \
  -d '{"summary":"A new important advisory","description":"A more in-depth description of what the problem is.","severity":"high","cve_id":null,"vulnerabilities":[{"package":{"name":"a-package","ecosystem":"npm"},"vulnerable_version_range":"< 1.0.0","patched_versions":"1.0.0","vulnerable_functions":["important_function"]}],"cwe_ids":["CWE-1101","CWE-20"],"credits":[{"login":"monalisa","type":"reporter"},{"login":"octocat","type":"analyst"}]}'

Response

Status: 201

{
  "ghsa_id": "GHSA-abcd-1234-efgh",
  "cve_id": "CVE-2050-00000",
  "url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
  "html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
  "summary": "A short summary of the advisory.",
  "description": "A detailed description of what the advisory entails.",
  "severity": "critical",
  "author": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  },
  "publisher": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  },
  "identifiers": [
    {
      "type": "GHSA",
      "value": "GHSA-abcd-1234-efgh"
    },
    {
      "type": "CVE",
      "value": "CVE-2050-00000"
    }
  ],
  "state": "published",
  "created_at": "2020-01-01T00:00:00Z",
  "updated_at": "2020-01-02T00:00:00Z",
  "published_at": "2020-01-03T00:00:00Z",
  "closed_at": null,
  "withdrawn_at": null,
  "submission": null,
  "vulnerabilities": [
    {
      "package": {
        "ecosystem": "pip",
        "name": "a-package"
      },
      "vulnerable_version_range": ">= 1.0.0, < 1.0.1",
      "patched_versions": "1.0.1",
      "vulnerable_functions": [
        "function1"
      ]
    },
    {
      "package": {
        "ecosystem": "pip",
        "name": "another-package"
      },
      "vulnerable_version_range": ">= 1.0.0, < 1.0.2",
      "patched_versions": "1.0.2",
      "vulnerable_functions": [
        "function2"
      ]
    }
  ],
  "cvss": {
    "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "score": 9.8
  },
  "cwes": [
    {
      "cwe_id": "CWE-123",
      "name": "A CWE"
    }
  ],
  "cwe_ids": [
    "CWE-123"
  ],
  "credits": [
    {
      "login": "octocat",
      "type": "analyst"
    }
  ],
  "credits_detailed": [
    {
      "user": {
        "login": "octocat",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octocat_happy.gif",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octocat",
        "html_url": "https://github.com/octocat",
        "followers_url": "https://api.github.com/users/octocat/followers",
        "following_url": "https://api.github.com/users/octocat/following{/other_user}",
        "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
        "organizations_url": "https://api.github.com/users/octocat/orgs",
        "repos_url": "https://api.github.com/users/octocat/repos",
        "events_url": "https://api.github.com/users/octocat/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octocat/received_events",
        "type": "User",
        "site_admin": false
      },
      "type": "analyst",
      "state": "accepted"
    }
  ],
  "collaborating_users": [
    {
      "login": "octokitten",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octokitten_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octokitten",
      "html_url": "https://github.com/octokitten",
      "followers_url": "https://api.github.com/users/octokitten/followers",
      "following_url": "https://api.github.com/users/octokitten/following{/other_user}",
      "gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
      "organizations_url": "https://api.github.com/users/octokitten/orgs",
      "repos_url": "https://api.github.com/users/octokitten/repos",
      "events_url": "https://api.github.com/users/octokitten/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octokitten/received_events",
      "type": "User",
      "site_admin": false
    }
  ],
  "collaborating_teams": [
    {
      "name": "Justice League",
      "id": 1,
      "node_id": "MDQ6VGVhbTE=",
      "slug": "justice-league",
      "description": "A great team.",
      "privacy": "closed",
      "notification_setting": "notifications_enabled",
      "url": "https://api.github.com/teams/1",
      "html_url": "https://github.com/orgs/github/teams/justice-league",
      "members_url": "https://api.github.com/teams/1/members{/member}",
      "repositories_url": "https://api.github.com/teams/1/repos",
      "permission": "admin",
      "parent": null
    }
  ]
}

Privately report a security vulnerability

に対応 GitHub Apps

Report a security vulnerability to the maintainers of the repository. See "Privately reporting a security vulnerability" for more information about private vulnerability reporting.

"Privately report a security vulnerability" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.

名前, Type, 説明

summary string 必須

A short summary of the advisory.

description string 必須

A detailed description of what the advisory impacts.

vulnerabilities array of objects or null

An array of products affected by the vulnerability detailed in a repository security advisory.

Properties of vulnerabilities

名前, Type, 説明

package object 必須

The name of the package affected by the vulnerability.

Properties of package

名前, Type, 説明
`ecosystem` string 必須 The package's language or package management ecosystem. 次のいずれかにできます: `rubygems`, `npm`, `pip`, `maven`, `nuget`, `composer`, `go`, `rust`, `erlang`, `actions`, `pub`, `other`, `swift`
`name` string or null The unique package name within its ecosystem.

vulnerable_version_range string or null

The range of the package versions affected by the vulnerability.

patched_versions string or null

The package version(s) that resolve the vulnerability.

vulnerable_functions array of strings or null

The functions in the package that are affected.

cwe_ids array of strings or null

A list of Common Weakness Enumeration (CWE) IDs.

severity string or null

The severity of the advisory. You must choose between setting this field or cvss_vector_string.

次のいずれかにできます: critical, high, medium, low, null

cvss_vector_string string or null

The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity.

"Privately report a security vulnerability" の HTTP 応答状態コード

状態コード	説明
`201`	Created
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

"Privately report a security vulnerability" のコードサンプル

post/repos/{owner}/{repo}/security-advisories/reports

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/security-advisories/reports \
  -d '{"summary":"A newly discovered vulnerability","description":"A more in-depth description of what the problem is.","severity":"high","vulnerabilities":[{"package":{"name":"a-package","ecosystem":"npm"},"vulnerable_version_range":"< 1.0.0","patched_versions":"1.0.0","vulnerable_functions":["important_function"]}],"cwe_ids":["CWE-123"]}'

Response

Status: 201

{
  "ghsa_id": "GHSA-abcd-1234-efgh",
  "cve_id": "CVE-2050-00000",
  "url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
  "html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
  "summary": "A newly discovered vulnerability",
  "description": "A more in-depth description of what the problem is.",
  "severity": "high",
  "author": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  },
  "publisher": null,
  "identifiers": [
    {
      "type": "GHSA",
      "value": "GHSA-abcd-1234-efgh"
    },
    {
      "type": "CVE",
      "value": null
    }
  ],
  "state": "triage",
  "created_at": "2020-01-01T00:00:00Z",
  "updated_at": "2020-01-02T00:00:00Z",
  "published_at": null,
  "closed_at": null,
  "withdrawn_at": null,
  "submission": {
    "accepted": false
  },
  "vulnerabilities": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "a-package"
      },
      "vulnerable_version_range": "< 1.0.0",
      "patched_versions": "1.0.0",
      "vulnerable_functions": [
        "important_function"
      ]
    }
  ],
  "cvss": null,
  "cwes": [
    {
      "cwe_id": "CWE-123",
      "name": "A CWE"
    }
  ],
  "cwe_ids": [
    "CWE-123"
  ],
  "credits": [
    {
      "login": "octocat",
      "type": "finder"
    }
  ],
  "credits_detailed": [
    {
      "user": {
        "login": "octocat",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octocat_happy.gif",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octocat",
        "html_url": "https://github.com/octocat",
        "followers_url": "https://api.github.com/users/octocat/followers",
        "following_url": "https://api.github.com/users/octocat/following{/other_user}",
        "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
        "organizations_url": "https://api.github.com/users/octocat/orgs",
        "repos_url": "https://api.github.com/users/octocat/repos",
        "events_url": "https://api.github.com/users/octocat/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octocat/received_events",
        "type": "User",
        "site_admin": false
      },
      "type": "finder",
      "state": "accepted"
    }
  ],
  "collaborating_users": [
    {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    }
  ],
  "collaborating_teams": [
    {
      "name": "Justice League",
      "id": 1,
      "node_id": "MDQ6VGVhbTE=",
      "slug": "justice-league",
      "description": "A great team.",
      "privacy": "closed",
      "notification_setting": "notifications_enabled",
      "url": "https://api.github.com/teams/1",
      "html_url": "https://github.com/orgs/github/teams/justice-league",
      "members_url": "https://api.github.com/teams/1/members{/member}",
      "repositories_url": "https://api.github.com/teams/1/repos",
      "permission": "admin",
      "parent": null
    }
  ]
}

Get a repository security advisory

に対応 GitHub Apps

Get a repository security advisory using its GitHub Security Advisory (GHSA) identifier. You can access any published security advisory on a public repository. You must authenticate using an access token with the repo scope or repository_advisories:read permission in order to get a published security advisory in a private repository, or any unpublished security advisory that you have access to.

You can access an unpublished security advisory from a repository if you are a security manager or administrator of that repository, or if you are a collaborator on the security advisory.

"Get a repository security advisory" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.
`ghsa_id` string 必須 The GHSA (GitHub Security Advisory) identifier of the advisory.

"Get a repository security advisory" の HTTP 応答状態コード

状態コード	説明
`200`	OK
`403`	Forbidden
`404`	Resource not found

"Get a repository security advisory" のコードサンプル

get/repos/{owner}/{repo}/security-advisories/{ghsa_id}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/security-advisories/GHSA_ID

Response

Status: 200

{
  "ghsa_id": "GHSA-abcd-1234-efgh",
  "cve_id": "CVE-2050-00000",
  "url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
  "html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
  "summary": "A short summary of the advisory.",
  "description": "A detailed description of what the advisory entails.",
  "severity": "critical",
  "author": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  },
  "publisher": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  },
  "identifiers": [
    {
      "type": "GHSA",
      "value": "GHSA-abcd-1234-efgh"
    },
    {
      "type": "CVE",
      "value": "CVE-2050-00000"
    }
  ],
  "state": "published",
  "created_at": "2020-01-01T00:00:00Z",
  "updated_at": "2020-01-02T00:00:00Z",
  "published_at": "2020-01-03T00:00:00Z",
  "closed_at": null,
  "withdrawn_at": null,
  "submission": null,
  "vulnerabilities": [
    {
      "package": {
        "ecosystem": "pip",
        "name": "a-package"
      },
      "vulnerable_version_range": ">= 1.0.0, < 1.0.1",
      "patched_versions": "1.0.1",
      "vulnerable_functions": [
        "function1"
      ]
    },
    {
      "package": {
        "ecosystem": "pip",
        "name": "another-package"
      },
      "vulnerable_version_range": ">= 1.0.0, < 1.0.2",
      "patched_versions": "1.0.2",
      "vulnerable_functions": [
        "function2"
      ]
    }
  ],
  "cvss": {
    "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "score": 9.8
  },
  "cwes": [
    {
      "cwe_id": "CWE-123",
      "name": "A CWE"
    }
  ],
  "cwe_ids": [
    "CWE-123"
  ],
  "credits": [
    {
      "login": "octocat",
      "type": "analyst"
    }
  ],
  "credits_detailed": [
    {
      "user": {
        "login": "octocat",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octocat_happy.gif",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octocat",
        "html_url": "https://github.com/octocat",
        "followers_url": "https://api.github.com/users/octocat/followers",
        "following_url": "https://api.github.com/users/octocat/following{/other_user}",
        "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
        "organizations_url": "https://api.github.com/users/octocat/orgs",
        "repos_url": "https://api.github.com/users/octocat/repos",
        "events_url": "https://api.github.com/users/octocat/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octocat/received_events",
        "type": "User",
        "site_admin": false
      },
      "type": "analyst",
      "state": "accepted"
    }
  ],
  "collaborating_users": [
    {
      "login": "octokitten",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octokitten_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octokitten",
      "html_url": "https://github.com/octokitten",
      "followers_url": "https://api.github.com/users/octokitten/followers",
      "following_url": "https://api.github.com/users/octokitten/following{/other_user}",
      "gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
      "organizations_url": "https://api.github.com/users/octokitten/orgs",
      "repos_url": "https://api.github.com/users/octokitten/repos",
      "events_url": "https://api.github.com/users/octokitten/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octokitten/received_events",
      "type": "User",
      "site_admin": false
    }
  ],
  "collaborating_teams": [
    {
      "name": "Justice League",
      "id": 1,
      "node_id": "MDQ6VGVhbTE=",
      "slug": "justice-league",
      "description": "A great team.",
      "privacy": "closed",
      "notification_setting": "notifications_enabled",
      "url": "https://api.github.com/teams/1",
      "html_url": "https://github.com/orgs/github/teams/justice-league",
      "members_url": "https://api.github.com/teams/1/members{/member}",
      "repositories_url": "https://api.github.com/teams/1/repos",
      "permission": "admin",
      "parent": null
    }
  ]
}

Update a repository security advisory

に対応 GitHub Apps

Update a repository security advisory using its GitHub Security Advisory (GHSA) identifier. You must authenticate using an access token with the repo scope or repository_advisories:write permission to use this endpoint.

In order to update any security advisory, you must be a security manager or administrator of that repository, or a collaborator on the repository security advisory.

"Update a repository security advisory" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.
`ghsa_id` string 必須 The GHSA (GitHub Security Advisory) identifier of the advisory.

名前, Type, 説明

summary string

A short summary of the advisory.

description string

A detailed description of what the advisory impacts.

cve_id string or null

The Common Vulnerabilities and Exposures (CVE) ID.

vulnerabilities array of objects

A product affected by the vulnerability detailed in a repository security advisory.

Properties of vulnerabilities

名前, Type, 説明

package object 必須

The name of the package affected by the vulnerability.

Properties of package

名前, Type, 説明
`ecosystem` string 必須 The package's language or package management ecosystem. 次のいずれかにできます: `rubygems`, `npm`, `pip`, `maven`, `nuget`, `composer`, `go`, `rust`, `erlang`, `actions`, `pub`, `other`, `swift`
`name` string or null The unique package name within its ecosystem.

vulnerable_version_range string or null

The range of the package versions affected by the vulnerability.

patched_versions string or null

The package version(s) that resolve the vulnerability.

vulnerable_functions array of strings or null

The functions in the package that are affected.

cwe_ids array of strings or null

A list of Common Weakness Enumeration (CWE) IDs.

credits array of objects or null

A list of users receiving credit for their participation in the security advisory.

Properties of credits

名前, Type, 説明
`login` string 必須 The username of the user credited.
`type` string 必須 The type of credit the user is receiving. 次のいずれかにできます: `analyst`, `finder`, `reporter`, `coordinator`, `remediation_developer`, `remediation_reviewer`, `remediation_verifier`, `tool`, `sponsor`, `other`

severity string or null

The severity of the advisory. You must choose between setting this field or cvss_vector_string.

次のいずれかにできます: critical, high, medium, low, null

cvss_vector_string string or null

The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity.

state string

The state of the advisory.

次のいずれかにできます: published, closed, draft

collaborating_users array of strings or null

A list of usernames who have been granted write access to the advisory.

collaborating_teams array of strings or null

A list of team slugs which have been granted write access to the advisory.

"Update a repository security advisory" の HTTP 応答状態コード

状態コード	説明
`200`	OK
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

"Update a repository security advisory" のコードサンプル

Select the example type

patch/repos/{owner}/{repo}/security-advisories/{ghsa_id}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/security-advisories/GHSA_ID \
  -d '{"severity":"critical","state":"published"}'

Response

Status: 200

{
  "ghsa_id": "GHSA-abcd-1234-efgh",
  "cve_id": "CVE-2050-00000",
  "url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
  "html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
  "summary": "A short summary of the advisory.",
  "description": "A detailed description of what the advisory entails.",
  "severity": "critical",
  "author": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  },
  "publisher": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  },
  "identifiers": [
    {
      "type": "GHSA",
      "value": "GHSA-abcd-1234-efgh"
    },
    {
      "type": "CVE",
      "value": "CVE-2050-00000"
    }
  ],
  "state": "published",
  "created_at": "2020-01-01T00:00:00Z",
  "updated_at": "2020-01-02T00:00:00Z",
  "published_at": "2020-01-03T00:00:00Z",
  "closed_at": null,
  "withdrawn_at": null,
  "submission": null,
  "vulnerabilities": [
    {
      "package": {
        "ecosystem": "pip",
        "name": "a-package"
      },
      "vulnerable_version_range": ">= 1.0.0, < 1.0.1",
      "patched_versions": "1.0.1",
      "vulnerable_functions": [
        "function1"
      ]
    },
    {
      "package": {
        "ecosystem": "pip",
        "name": "another-package"
      },
      "vulnerable_version_range": ">= 1.0.0, < 1.0.2",
      "patched_versions": "1.0.2",
      "vulnerable_functions": [
        "function2"
      ]
    }
  ],
  "cvss": {
    "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "score": 9.8
  },
  "cwes": [
    {
      "cwe_id": "CWE-123",
      "name": "A CWE"
    }
  ],
  "cwe_ids": [
    "CWE-123"
  ],
  "credits": [
    {
      "login": "octocat",
      "type": "analyst"
    }
  ],
  "credits_detailed": [
    {
      "user": {
        "login": "octocat",
        "id": 1,
        "node_id": "MDQ6VXNlcjE=",
        "avatar_url": "https://github.com/images/error/octocat_happy.gif",
        "gravatar_id": "",
        "url": "https://api.github.com/users/octocat",
        "html_url": "https://github.com/octocat",
        "followers_url": "https://api.github.com/users/octocat/followers",
        "following_url": "https://api.github.com/users/octocat/following{/other_user}",
        "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
        "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
        "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
        "organizations_url": "https://api.github.com/users/octocat/orgs",
        "repos_url": "https://api.github.com/users/octocat/repos",
        "events_url": "https://api.github.com/users/octocat/events{/privacy}",
        "received_events_url": "https://api.github.com/users/octocat/received_events",
        "type": "User",
        "site_admin": false
      },
      "type": "analyst",
      "state": "accepted"
    }
  ],
  "collaborating_users": [
    {
      "login": "octokitten",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octokitten_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octokitten",
      "html_url": "https://github.com/octokitten",
      "followers_url": "https://api.github.com/users/octokitten/followers",
      "following_url": "https://api.github.com/users/octokitten/following{/other_user}",
      "gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
      "organizations_url": "https://api.github.com/users/octokitten/orgs",
      "repos_url": "https://api.github.com/users/octokitten/repos",
      "events_url": "https://api.github.com/users/octokitten/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octokitten/received_events",
      "type": "User",
      "site_admin": false
    }
  ],
  "collaborating_teams": [
    {
      "name": "Justice League",
      "id": 1,
      "node_id": "MDQ6VGVhbTE=",
      "slug": "justice-league",
      "description": "A great team.",
      "privacy": "closed",
      "notification_setting": "notifications_enabled",
      "url": "https://api.github.com/teams/1",
      "html_url": "https://github.com/orgs/github/teams/justice-league",
      "members_url": "https://api.github.com/teams/1/members{/member}",
      "repositories_url": "https://api.github.com/teams/1/repos",
      "permission": "admin",
      "parent": null
    }
  ]
}

Request a CVE for a repository security advisory

に対応 GitHub Apps

If you want a CVE identification number for the security vulnerability in your project, and don't already have one, you can request a CVE identification number from GitHub. For more information see "Requesting a CVE identification number."

You may request a CVE for public repositories, but cannot do so for private repositories.

You must authenticate using an access token with the repo scope or repository_advisories:write permission to use this endpoint.

In order to request a CVE for a repository security advisory, you must be a security manager or administrator of that repository.

"Request a CVE for a repository security advisory" のパラメーター

ヘッダー
名前, Type, 説明
`accept` string Setting to `application/vnd.github+json` is recommended.

パスパラメーター
名前, Type, 説明
`owner` string 必須 The account owner of the repository. The name is not case sensitive.
`repo` string 必須 The name of the repository without the `.git` extension. The name is not case sensitive.
`ghsa_id` string 必須 The GHSA (GitHub Security Advisory) identifier of the advisory.

"Request a CVE for a repository security advisory" の HTTP 応答状態コード

状態コード	説明
`202`	Accepted
`400`	Bad Request
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

"Request a CVE for a repository security advisory" のコードサンプル

post/repos/{owner}/{repo}/security-advisories/{ghsa_id}/cve

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/security-advisories/GHSA_ID/cve

Accepted

Status: 202

リポジトリ セキュリティ アドバイザリ

Response

Response

Response

Response

Response

Response

Accepted

リポジトリセキュリティアドバイザリ