Skip to main content
이제 REST API의 버전이 지정되었습니다. 자세한 내용은 "API 버전 관리 정보"를 참조하세요.

글로벌 보안 권고에 대한 REST API 엔드포인트

REST API를 사용하여 글로벌 보안 공지를 봅니다.

Note

이러한 엔드포인트를 사용하려면 관리자가 GitHub Enterprise Server 인스턴스에 대해 GitHub Connect를 사용하도록 설정해야 합니다. 자세한 내용은 GitHub Advisory Database에서 보안 권고 탐색을(를) 참조하세요.

List global security advisories

Lists all global security advisories that match the specified parameters. If no other parameters are defined, the request will return only GitHub-reviewed advisories that are not malware.

By default, all responses will exclude advisories for malware, because malware are not standard vulnerabilities. To list advisories for malware, you must include the type parameter in your request, with the value malware. For more information about the different types of security advisories, see "About the GitHub Advisory database."

"List global security advisories"에 대한 세분화된 액세스 토큰

이 엔드포인트는 다음 세분화된 토큰 형식에서 작동합니다.:

세분화된 토큰에는 어떤 권한도 필요하지 않습니다.

공용 리소스만 요청되는 경우 인증 없이 이 엔드포인트를 사용할 수 있습니다.

"List global security advisories"에 대한 매개 변수

머리글
속성, 형식, 설명
accept string

Setting to application/vnd.github+json is recommended.

쿼리 매개 변수
속성, 형식, 설명
ghsa_id string

If specified, only advisories with this GHSA (GitHub Security Advisory) identifier will be returned.

type string

If specified, only advisories of this type will be returned. By default, a request with no other parameters defined will only return reviewed advisories that are not malware.

기본값: reviewed

다음 중 하나일 수 있습니다.: reviewed, malware, unreviewed

cve_id string

If specified, only advisories with this CVE (Common Vulnerabilities and Exposures) identifier will be returned.

ecosystem string

If specified, only advisories for these ecosystems will be returned.

다음 중 하나일 수 있습니다.: rubygems, npm, pip, maven, nuget, composer, go, rust, erlang, actions, pub, other, swift

severity string

If specified, only advisories with these severities will be returned.

다음 중 하나일 수 있습니다.: unknown, low, medium, high, critical

cwes

If specified, only advisories with these Common Weakness Enumerations (CWEs) will be returned.

Example: cwes=79,284,22 or cwes[]=79&cwes[]=284&cwes[]=22

is_withdrawn boolean

Whether to only return advisories that have been withdrawn.

affects

If specified, only return advisories that affect any of package or package@version. A maximum of 1000 packages can be specified. If the query parameter causes the URL to exceed the maximum URL length supported by your client, you must specify fewer packages.

Example: affects=package1,package2@1.0.0,package3@^2.0.0 or affects[]=package1&affects[]=package2@1.0.0

published string

If specified, only return advisories that were published on a date or date range.

For more information on the syntax of the date range, see "Understanding the search syntax."

updated string

If specified, only return advisories that were updated on a date or date range.

For more information on the syntax of the date range, see "Understanding the search syntax."

modified string

If specified, only show advisories that were updated or published on a date or date range.

For more information on the syntax of the date range, see "Understanding the search syntax."

epss_percentage string

If specified, only return advisories that have an EPSS percentage score that matches the provided value. The EPSS percentage represents the likelihood of a CVE being exploited.

epss_percentile string

If specified, only return advisories that have an EPSS percentile score that matches the provided value. The EPSS percentile represents the relative rank of the CVE's likelihood of being exploited compared to other CVEs.

before string

A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

after string

A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

direction string

The direction to sort the results by.

기본값: desc

다음 중 하나일 수 있습니다.: asc, desc

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

기본값: 30

sort string

The property to sort the results by.

기본값: published

다음 중 하나일 수 있습니다.: updated, published, epss_percentage, epss_percentile

"List global security advisories"에 대한 HTTP 응답 상태 코드

상태 코드설명
200

OK

422

Validation failed, or the endpoint has been spammed.

429

Too many requests

"List global security advisories"에 대한 코드 샘플

요청 예제

get/advisories
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/advisories

Response

Status: 200
[ { "id": 1, "ghsa_id": "GHSA-abcd-1234-efgh", "cve_id": "CVE-2050-00000", "url": "https://HOSTNAME/advisories/GHSA-abcd-1234-efgh", "html_url": "https://github.com/advisories/GHSA-abcd-1234-efgh", "repository_advisory_url": "https://HOSTNAME/repos/project/a-package/security-advisories/GHSA-abcd-1234-efgh", "summary": "Heartbleed security advisory", "description": "This bug allows an attacker to read portions of the affected server’s memory, potentially disclosing sensitive information.", "type": "reviewed", "severity": "high", "source_code_location": "https://github.com/project/a-package", "identifiers": [ { "type": "GHSA", "value": "GHSA-abcd-1234-efgh" }, { "type": "CVE", "value": "CVE-2050-00000" } ], "references": [ "https://nvd.nist.gov/vuln/detail/CVE-2050-00000" ], "published_at": "2023-03-23T02:30:56Z", "updated_at": "2023-03-24T02:30:56Z", "github_reviewed_at": "2023-03-23T02:30:56Z", "nvd_published_at": "2023-03-25T02:30:56Z", "withdrawn_at": null, "vulnerabilities": [ { "package": { "ecosystem": "npm", "name": "a-package" }, "first_patched_version": "1.0.3", "vulnerable_version_range": "<=1.0.2", "vulnerable_functions": [ "a_function" ] } ], "cvss": { "vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "score": 7.6 }, "cvss_severities": { "cvss_v3": { "vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "score": 7.6 }, "cvss_v4": { "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "score": 9.3 } }, "cwes": [ { "cwe_id": "CWE-400", "name": "Uncontrolled Resource Consumption" } ], "epss": [ { "percentage": 0.00045, "percentile": "0.16001e0" } ], "credits": [ { "user": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://HOSTNAME/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://HOSTNAME/users/octocat/followers", "following_url": "https://HOSTNAME/users/octocat/following{/other_user}", "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}", "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions", "organizations_url": "https://HOSTNAME/users/octocat/orgs", "repos_url": "https://HOSTNAME/users/octocat/repos", "events_url": "https://HOSTNAME/users/octocat/events{/privacy}", "received_events_url": "https://HOSTNAME/users/octocat/received_events", "type": "User", "site_admin": false }, "type": "analyst" } ] } ]

Get a global security advisory

Gets a global security advisory using its GitHub Security Advisory (GHSA) identifier.

"Get a global security advisory"에 대한 세분화된 액세스 토큰

이 엔드포인트는 다음 세분화된 토큰 형식에서 작동합니다.:

세분화된 토큰에는 어떤 권한도 필요하지 않습니다.

공용 리소스만 요청되는 경우 인증 없이 이 엔드포인트를 사용할 수 있습니다.

"Get a global security advisory"에 대한 매개 변수

머리글
속성, 형식, 설명
accept string

Setting to application/vnd.github+json is recommended.

경로 매개 변수
속성, 형식, 설명
ghsa_id string Required

The GHSA (GitHub Security Advisory) identifier of the advisory.

"Get a global security advisory"에 대한 HTTP 응답 상태 코드

상태 코드설명
200

OK

404

Resource not found

"Get a global security advisory"에 대한 코드 샘플

요청 예제

get/advisories/{ghsa_id}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ http(s)://HOSTNAME/api/v3/advisories/GHSA_ID

Response

Status: 200
{ "ghsa_id": "GHSA-abcd-1234-efgh", "cve_id": "CVE-2050-00000", "url": "https://HOSTNAME/advisories/GHSA-abcd-1234-efgh", "html_url": "https://github.com/advisories/GHSA-abcd-1234-efgh", "repository_advisory_url": "https://HOSTNAME/repos/project/a-package/security-advisories/GHSA-abcd-1234-efgh", "summary": "A short summary of the advisory.", "description": "A detailed description of what the advisory entails.", "type": "reviewed", "severity": "high", "source_code_location": "https://github.com/project/a-package", "identifiers": [ { "type": "GHSA", "value": "GHSA-abcd-1234-efgh" }, { "type": "CVE", "value": "CVE-2050-00000" } ], "references": [ "https://nvd.nist.gov/vuln/detail/CVE-2050-00000" ], "published_at": "2023-03-23T02:30:56Z", "updated_at": "2023-03-24T02:30:56Z", "github_reviewed_at": "2023-03-23T02:30:56Z", "nvd_published_at": "2023-03-25T02:30:56Z", "withdrawn_at": null, "vulnerabilities": [ { "package": { "ecosystem": "npm", "name": "a-package" }, "first_patched_version": "1.0.3", "vulnerable_version_range": "<=1.0.2", "vulnerable_functions": [ "a_function" ] } ], "cvss": { "vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "score": 7.6 }, "cvss_severities": { "cvss_v3": { "vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "score": 7.6 }, "cvss_v4": { "vector_string": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "score": 9.3 } }, "cwes": [ { "cwe_id": "CWE-400", "name": "Uncontrolled Resource Consumption" } ], "credits": [ { "user": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://HOSTNAME/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://HOSTNAME/users/octocat/followers", "following_url": "https://HOSTNAME/users/octocat/following{/other_user}", "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}", "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions", "organizations_url": "https://HOSTNAME/users/octocat/orgs", "repos_url": "https://HOSTNAME/users/octocat/repos", "events_url": "https://HOSTNAME/users/octocat/events{/privacy}", "received_events_url": "https://HOSTNAME/users/octocat/received_events", "type": "User", "site_admin": false }, "type": "analyst" } ] }