Avisos de segurança do repositório
Use a API REST para exibir e gerenciar avisos de segurança do repositório.
List repository security advisories for an organization
Lists repository security advisories for an organization.
To use this endpoint, you must be an owner or security manager for the organization, and you must use an access token with the repo
scope or repository_advisories:write
permission.
Parâmetros para "List repository security advisories for an organization"
Nome, Type, Descrição |
---|
accept string Setting to |
Nome, Type, Descrição |
---|
org string ObrigatórioThe organization name. The name is not case sensitive. |
Nome, Type, Descrição |
---|
direction string The direction to sort the results by. Padrão: Pode ser um dos: |
sort string The property to sort the results by. Padrão: Pode ser um dos: |
before string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. |
after string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. |
per_page integer The number of advisories to return per page. Padrão: |
state string Filter by the state of the repository advisories. Only advisories of this state will be returned. Pode ser um dos: |
Códigos de status de resposta HTTP para "List repository security advisories for an organization"
Código de status | Descrição |
---|---|
200 | OK |
400 | Bad Request |
404 | Resource not found |
Exemplos de código para "List repository security advisories for an organization"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/security-advisories
Response
Status: 200
[
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "critical",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"state": "published",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": "2020-01-03T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": 9.8
},
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "analyst"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
},
{
"ghsa_id": "GHSA-1234-5678-9012",
"cve_id": "CVE-2051-0000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-1234-5678-9012",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-1234-5678-9012",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "low",
"author": {
"login": "monauser",
"id": 2,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monauser",
"html_url": "https://github.com/monauser",
"followers_url": "https://api.github.com/users/monauser/followers",
"following_url": "https://api.github.com/users/monauser/following{/other_user}",
"gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
"organizations_url": "https://api.github.com/users/monauser/orgs",
"repos_url": "https://api.github.com/users/monauser/repos",
"events_url": "https://api.github.com/users/monauser/events{/privacy}",
"received_events_url": "https://api.github.com/users/monauser/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "monalisa",
"id": 3,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monalisa",
"html_url": "https://github.com/monalisa",
"followers_url": "https://api.github.com/users/monalisa/followers",
"following_url": "https://api.github.com/users/monalisa/following{/other_user}",
"gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monalisa/subscriptions",
"organizations_url": "https://api.github.com/users/monalisa/orgs",
"repos_url": "https://api.github.com/users/monalisa/repos",
"events_url": "https://api.github.com/users/monalisa/events{/privacy}",
"received_events_url": "https://api.github.com/users/monalisa/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-1234-5678-9012"
},
{
"type": "CVE",
"value": "CVE-2051-00000"
}
],
"state": "published",
"created_at": "2020-01-03T00:00:00Z",
"updated_at": "2020-01-04T00:00:00Z",
"published_at": "2020-01-04T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": [
{
"accepted": true
}
],
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"score": 1.6
},
"cwes": [
{
"cwe_id": "CWE-456",
"name": "A CWE 2.0"
}
],
"cwe_ids": [
"CWE-456"
],
"credits": [
{
"login": "monauser",
"type": "reporter"
}
],
"credits_detailed": [
{
"user": {
"login": "monauser",
"id": 2,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monauser",
"html_url": "https://github.com/monauser",
"followers_url": "https://api.github.com/users/monauser/followers",
"following_url": "https://api.github.com/users/monauser/following{/other_user}",
"gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
"organizations_url": "https://api.github.com/users/monauser/orgs",
"repos_url": "https://api.github.com/users/monauser/repos",
"events_url": "https://api.github.com/users/monauser/events{/privacy}",
"received_events_url": "https://api.github.com/users/monauser/received_events",
"type": "User",
"site_admin": false
},
"type": "reporter",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
]
List repository security advisories
Lists security advisories in a repository.
You must authenticate using an access token with the repo
scope or repository_advisories:read
permission
in order to get published security advisories in a private repository, or any unpublished security advisories that you have access to.
You can access unpublished security advisories from a repository if you are a security manager or administrator of that repository, or if you are a collaborator on any security advisory.
Parâmetros para "List repository security advisories"
Nome, Type, Descrição |
---|
accept string Setting to |
Nome, Type, Descrição |
---|
owner string ObrigatórioThe account owner of the repository. The name is not case sensitive. |
repo string ObrigatórioThe name of the repository without the |
Nome, Type, Descrição |
---|
direction string The direction to sort the results by. Padrão: Pode ser um dos: |
sort string The property to sort the results by. Padrão: Pode ser um dos: |
before string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. |
after string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. |
per_page integer Number of advisories to return per page. Padrão: |
state string Filter by state of the repository advisories. Only advisories of this state will be returned. Pode ser um dos: |
Códigos de status de resposta HTTP para "List repository security advisories"
Código de status | Descrição |
---|---|
200 | OK |
400 | Bad Request |
404 | Resource not found |
Exemplos de código para "List repository security advisories"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories
Response
Status: 200
[
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "critical",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"state": "published",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": "2020-01-03T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": 9.8
},
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "analyst"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
},
{
"ghsa_id": "GHSA-1234-5678-9012",
"cve_id": "CVE-2051-0000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-1234-5678-9012",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-1234-5678-9012",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "low",
"author": {
"login": "monauser",
"id": 2,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monauser",
"html_url": "https://github.com/monauser",
"followers_url": "https://api.github.com/users/monauser/followers",
"following_url": "https://api.github.com/users/monauser/following{/other_user}",
"gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
"organizations_url": "https://api.github.com/users/monauser/orgs",
"repos_url": "https://api.github.com/users/monauser/repos",
"events_url": "https://api.github.com/users/monauser/events{/privacy}",
"received_events_url": "https://api.github.com/users/monauser/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "monalisa",
"id": 3,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monalisa",
"html_url": "https://github.com/monalisa",
"followers_url": "https://api.github.com/users/monalisa/followers",
"following_url": "https://api.github.com/users/monalisa/following{/other_user}",
"gists_url": "https://api.github.com/users/monalisa/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monalisa/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monalisa/subscriptions",
"organizations_url": "https://api.github.com/users/monalisa/orgs",
"repos_url": "https://api.github.com/users/monalisa/repos",
"events_url": "https://api.github.com/users/monalisa/events{/privacy}",
"received_events_url": "https://api.github.com/users/monalisa/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-1234-5678-9012"
},
{
"type": "CVE",
"value": "CVE-2051-00000"
}
],
"state": "published",
"created_at": "2020-01-03T00:00:00Z",
"updated_at": "2020-01-04T00:00:00Z",
"published_at": "2020-01-04T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": [
{
"accepted": true
}
],
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"score": 1.6
},
"cwes": [
{
"cwe_id": "CWE-456",
"name": "A CWE 2.0"
}
],
"cwe_ids": [
"CWE-456"
],
"credits": [
{
"login": "monauser",
"type": "reporter"
}
],
"credits_detailed": [
{
"user": {
"login": "monauser",
"id": 2,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/monauser",
"html_url": "https://github.com/monauser",
"followers_url": "https://api.github.com/users/monauser/followers",
"following_url": "https://api.github.com/users/monauser/following{/other_user}",
"gists_url": "https://api.github.com/users/monauser/gists{/gist_id}",
"starred_url": "https://api.github.com/users/monauser/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/monauser/subscriptions",
"organizations_url": "https://api.github.com/users/monauser/orgs",
"repos_url": "https://api.github.com/users/monauser/repos",
"events_url": "https://api.github.com/users/monauser/events{/privacy}",
"received_events_url": "https://api.github.com/users/monauser/received_events",
"type": "User",
"site_admin": false
},
"type": "reporter",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
]
Create a repository security advisory
Creates a new repository security advisory.
You must authenticate using an access token with the repo
scope or repository_advisories:write
permission to use this endpoint.
In order to create a draft repository security advisory, you must be a security manager or administrator of that repository.
Parâmetros para "Create a repository security advisory"
Nome, Type, Descrição |
---|
accept string Setting to |
Nome, Type, Descrição |
---|
owner string ObrigatórioThe account owner of the repository. The name is not case sensitive. |
repo string ObrigatórioThe name of the repository without the |
Nome, Type, Descrição | |||||||||
---|---|---|---|---|---|---|---|---|---|
summary string ObrigatórioA short summary of the advisory. | |||||||||
description string ObrigatórioA detailed description of what the advisory impacts. | |||||||||
cve_id string or null The Common Vulnerabilities and Exposures (CVE) ID. | |||||||||
vulnerabilities array of objects ObrigatórioA product affected by the vulnerability detailed in a repository security advisory. | |||||||||
Properties of |
Nome, Type, Descrição | |||
---|---|---|---|
package object ObrigatórioThe name of the package affected by the vulnerability. | |||
Properties of |
Nome, Type, Descrição |
---|
ecosystem string ObrigatórioThe package's language or package management ecosystem. Pode ser um dos: |
name string or null The unique package name within its ecosystem. |
vulnerable_version_range
string or null The range of the package versions affected by the vulnerability.
patched_versions
string or null The package version(s) that resolve the vulnerability.
vulnerable_functions
array of strings or null The functions in the package that are affected.
cwe_ids
array of strings or null A list of Common Weakness Enumeration (CWE) IDs.
credits
array of objects or null A list of users receiving credit for their participation in the security advisory.
Properties of credits
Nome, Type, Descrição |
---|
login string ObrigatórioThe username of the user credited. |
type string ObrigatórioThe type of credit the user is receiving. Pode ser um dos: |
severity
string or null The severity of the advisory. You must choose between setting this field or cvss_vector_string
.
Pode ser um dos: critical
, high
, medium
, low
, null
cvss_vector_string
string or null The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity
.
Códigos de status de resposta HTTP para "Create a repository security advisory"
Código de status | Descrição |
---|---|
201 | Created |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
Exemplos de código para "Create a repository security advisory"
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories \
-d '{"summary":"A new important advisory","description":"A more in-depth description of what the problem is.","severity":"high","cve_id":null,"vulnerabilities":[{"package":{"name":"a-package","ecosystem":"npm"},"vulnerable_version_range":"< 1.0.0","patched_versions":"1.0.0","vulnerable_functions":["important_function"]}],"cwe_ids":["CWE-1101","CWE-20"],"credits":[{"login":"monalisa","type":"reporter"},{"login":"octocat","type":"analyst"}]}'
Response
Status: 201
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "critical",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"state": "published",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": "2020-01-03T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": 9.8
},
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "analyst"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
Privately report a security vulnerability
Report a security vulnerability to the maintainers of the repository. See "Privately reporting a security vulnerability" for more information about private vulnerability reporting.
Parâmetros para "Privately report a security vulnerability"
Nome, Type, Descrição |
---|
accept string Setting to |
Nome, Type, Descrição |
---|
owner string ObrigatórioThe account owner of the repository. The name is not case sensitive. |
repo string ObrigatórioThe name of the repository without the |
Nome, Type, Descrição | |||||||||
---|---|---|---|---|---|---|---|---|---|
summary string ObrigatórioA short summary of the advisory. | |||||||||
description string ObrigatórioA detailed description of what the advisory impacts. | |||||||||
vulnerabilities array of objects or null An array of products affected by the vulnerability detailed in a repository security advisory. | |||||||||
Properties of |
Nome, Type, Descrição | |||
---|---|---|---|
package object ObrigatórioThe name of the package affected by the vulnerability. | |||
Properties of |
Nome, Type, Descrição |
---|
ecosystem string ObrigatórioThe package's language or package management ecosystem. Pode ser um dos: |
name string or null The unique package name within its ecosystem. |
vulnerable_version_range
string or null The range of the package versions affected by the vulnerability.
patched_versions
string or null The package version(s) that resolve the vulnerability.
vulnerable_functions
array of strings or null The functions in the package that are affected.
cwe_ids
array of strings or null A list of Common Weakness Enumeration (CWE) IDs.
severity
string or null The severity of the advisory. You must choose between setting this field or cvss_vector_string
.
Pode ser um dos: critical
, high
, medium
, low
, null
cvss_vector_string
string or null The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity
.
Códigos de status de resposta HTTP para "Privately report a security vulnerability"
Código de status | Descrição |
---|---|
201 | Created |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
Exemplos de código para "Privately report a security vulnerability"
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories/reports \
-d '{"summary":"A newly discovered vulnerability","description":"A more in-depth description of what the problem is.","severity":"high","vulnerabilities":[{"package":{"name":"a-package","ecosystem":"npm"},"vulnerable_version_range":"< 1.0.0","patched_versions":"1.0.0","vulnerable_functions":["important_function"]}],"cwe_ids":["CWE-123"]}'
Response
Status: 201
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A newly discovered vulnerability",
"description": "A more in-depth description of what the problem is.",
"severity": "high",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": null,
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": null
}
],
"state": "triage",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": null,
"closed_at": null,
"withdrawn_at": null,
"submission": {
"accepted": false
},
"vulnerabilities": [
{
"package": {
"ecosystem": "npm",
"name": "a-package"
},
"vulnerable_version_range": "< 1.0.0",
"patched_versions": "1.0.0",
"vulnerable_functions": [
"important_function"
]
}
],
"cvss": null,
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "finder"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "finder",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
Get a repository security advisory
Get a repository security advisory using its GitHub Security Advisory (GHSA) identifier.
You can access any published security advisory on a public repository.
You must authenticate using an access token with the repo
scope or repository_advisories:read
permission
in order to get a published security advisory in a private repository, or any unpublished security advisory that you have access to.
You can access an unpublished security advisory from a repository if you are a security manager or administrator of that repository, or if you are a collaborator on the security advisory.
Parâmetros para "Get a repository security advisory"
Nome, Type, Descrição |
---|
accept string Setting to |
Nome, Type, Descrição |
---|
owner string ObrigatórioThe account owner of the repository. The name is not case sensitive. |
repo string ObrigatórioThe name of the repository without the |
ghsa_id string ObrigatórioThe GHSA (GitHub Security Advisory) identifier of the advisory. |
Códigos de status de resposta HTTP para "Get a repository security advisory"
Código de status | Descrição |
---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Exemplos de código para "Get a repository security advisory"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories/GHSA_ID
Response
Status: 200
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "critical",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"state": "published",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": "2020-01-03T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": 9.8
},
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "analyst"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
Update a repository security advisory
Update a repository security advisory using its GitHub Security Advisory (GHSA) identifier.
You must authenticate using an access token with the repo
scope or repository_advisories:write
permission to use this endpoint.
In order to update any security advisory, you must be a security manager or administrator of that repository, or a collaborator on the repository security advisory.
Parâmetros para "Update a repository security advisory"
Nome, Type, Descrição |
---|
accept string Setting to |
Nome, Type, Descrição |
---|
owner string ObrigatórioThe account owner of the repository. The name is not case sensitive. |
repo string ObrigatórioThe name of the repository without the |
ghsa_id string ObrigatórioThe GHSA (GitHub Security Advisory) identifier of the advisory. |
Nome, Type, Descrição | |||||||||
---|---|---|---|---|---|---|---|---|---|
summary string A short summary of the advisory. | |||||||||
description string A detailed description of what the advisory impacts. | |||||||||
cve_id string or null The Common Vulnerabilities and Exposures (CVE) ID. | |||||||||
vulnerabilities array of objects A product affected by the vulnerability detailed in a repository security advisory. | |||||||||
Properties of |
Nome, Type, Descrição | |||
---|---|---|---|
package object ObrigatórioThe name of the package affected by the vulnerability. | |||
Properties of |
Nome, Type, Descrição |
---|
ecosystem string ObrigatórioThe package's language or package management ecosystem. Pode ser um dos: |
name string or null The unique package name within its ecosystem. |
vulnerable_version_range
string or null The range of the package versions affected by the vulnerability.
patched_versions
string or null The package version(s) that resolve the vulnerability.
vulnerable_functions
array of strings or null The functions in the package that are affected.
cwe_ids
array of strings or null A list of Common Weakness Enumeration (CWE) IDs.
credits
array of objects or null A list of users receiving credit for their participation in the security advisory.
Properties of credits
Nome, Type, Descrição |
---|
login string ObrigatórioThe username of the user credited. |
type string ObrigatórioThe type of credit the user is receiving. Pode ser um dos: |
severity
string or null The severity of the advisory. You must choose between setting this field or cvss_vector_string
.
Pode ser um dos: critical
, high
, medium
, low
, null
cvss_vector_string
string or null The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity
.
state
string The state of the advisory.
Pode ser um dos: published
, closed
, draft
collaborating_users
array of strings or null A list of usernames who have been granted write access to the advisory.
collaborating_teams
array of strings or null A list of team slugs which have been granted write access to the advisory.
Códigos de status de resposta HTTP para "Update a repository security advisory"
Código de status | Descrição |
---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
Exemplos de código para "Update a repository security advisory"
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories/GHSA_ID \
-d '{"severity":"critical","state":"published"}'
Response
Status: 200
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/repos/repo/a-package/security-advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/repo/a-package/security/advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"severity": "critical",
"author": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"publisher": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"state": "published",
"created_at": "2020-01-01T00:00:00Z",
"updated_at": "2020-01-02T00:00:00Z",
"published_at": "2020-01-03T00:00:00Z",
"closed_at": null,
"withdrawn_at": null,
"submission": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "a-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.1",
"patched_versions": "1.0.1",
"vulnerable_functions": [
"function1"
]
},
{
"package": {
"ecosystem": "pip",
"name": "another-package"
},
"vulnerable_version_range": ">= 1.0.0, < 1.0.2",
"patched_versions": "1.0.2",
"vulnerable_functions": [
"function2"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": 9.8
},
"cwes": [
{
"cwe_id": "CWE-123",
"name": "A CWE"
}
],
"cwe_ids": [
"CWE-123"
],
"credits": [
{
"login": "octocat",
"type": "analyst"
}
],
"credits_detailed": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst",
"state": "accepted"
}
],
"collaborating_users": [
{
"login": "octokitten",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octokitten_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octokitten",
"html_url": "https://github.com/octokitten",
"followers_url": "https://api.github.com/users/octokitten/followers",
"following_url": "https://api.github.com/users/octokitten/following{/other_user}",
"gists_url": "https://api.github.com/users/octokitten/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octokitten/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octokitten/subscriptions",
"organizations_url": "https://api.github.com/users/octokitten/orgs",
"repos_url": "https://api.github.com/users/octokitten/repos",
"events_url": "https://api.github.com/users/octokitten/events{/privacy}",
"received_events_url": "https://api.github.com/users/octokitten/received_events",
"type": "User",
"site_admin": false
}
],
"collaborating_teams": [
{
"name": "Justice League",
"id": 1,
"node_id": "MDQ6VGVhbTE=",
"slug": "justice-league",
"description": "A great team.",
"privacy": "closed",
"notification_setting": "notifications_enabled",
"url": "https://api.github.com/teams/1",
"html_url": "https://github.com/orgs/github/teams/justice-league",
"members_url": "https://api.github.com/teams/1/members{/member}",
"repositories_url": "https://api.github.com/teams/1/repos",
"permission": "admin",
"parent": null
}
]
}
Request a CVE for a repository security advisory
If you want a CVE identification number for the security vulnerability in your project, and don't already have one, you can request a CVE identification number from GitHub. For more information see "Requesting a CVE identification number."
You may request a CVE for public repositories, but cannot do so for private repositories.
You must authenticate using an access token with the repo
scope or repository_advisories:write
permission to use this endpoint.
In order to request a CVE for a repository security advisory, you must be a security manager or administrator of that repository.
Parâmetros para "Request a CVE for a repository security advisory"
Nome, Type, Descrição |
---|
accept string Setting to |
Nome, Type, Descrição |
---|
owner string ObrigatórioThe account owner of the repository. The name is not case sensitive. |
repo string ObrigatórioThe name of the repository without the |
ghsa_id string ObrigatórioThe GHSA (GitHub Security Advisory) identifier of the advisory. |
Códigos de status de resposta HTTP para "Request a CVE for a repository security advisory"
Código de status | Descrição |
---|---|
202 | Accepted |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
Exemplos de código para "Request a CVE for a repository security advisory"
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/security-advisories/GHSA_ID/cve
Accepted
Status: 202