
Browsing security vulnerabilities in the GitHub Advisory Database

The GitHub Advisory Database allows you to browse or search for vulnerabilities that affect open source projects on GitHub.


About the GitHub Advisory Database

A vulnerability is a problem in a project's code that could be exploited to damage the confidentiality, integrity, or availability of that project or of other projects that use its code. The GitHub Advisory Database contains a curated list of security vulnerabilities that have been mapped to any package tracked by the GitHub dependency graph. Each advisory listing includes information such as the affected repository, as well as the vulnerable and patched versions. The database is also accessible using the GraphQL API. For more information, see the "security_advisory webhook event."

We use the following sources to add vulnerabilities to the GitHub Advisory Database:

GitHub will send you a security alert if we detect any of the vulnerabilities from the GitHub Advisory Database affecting your repository. For more information, see "About alerts for vulnerable dependencies."

Advisories from the National Vulnerability Database list will contain a link to the CVE record, where you can read more details about the vulnerability, its CVSS scores, and its qualitative severity level. For more information, see the "National Vulnerability Database" from the National Institute of Standards and Technology.

The severity level is one of four possible levels defined in the Common Vulnerability Scoring System (CVSS), Section 2.1.2:

  • Low
  • Moderate
  • High
  • Critical

You can also join the GitHub Security Lab to browse security-related topics and contribute to security tools and projects.

Accessing an advisory in the GitHub Advisory Database

  1. Navigate to https://github.com/advisories.
  2. Optionally, to filter the list, use any of the drop-down menus.
  3. Click on any advisory to view details.

Searching the GitHub Advisory Database

You can search the database, and use qualifiers to narrow your search to advisories created on a certain date, in a specific ecosystem, or in a particular library.

Date formatting must follow the ISO 8601 standard, which is YYYY-MM-DD (year-month-day). You can also add optional time information THH:MM:SS+00:00 after the date to search by the hour, minute, and second. That is a T, followed by HH:MM:SS (hours-minutes-seconds), and a UTC offset (+00:00).

Dates support greater than, less than, and range qualifiers.

Qualifier             Example
ecosystem:ECOSYSTEM   ecosystem:npm will show only advisories affecting npm packages.
severity:LEVEL        severity:high will show only advisories with a high severity level.
affects:LIBRARY       affects:lodash will show only advisories affecting the lodash library.
sort:created-asc      sort:created-asc will sort by the oldest advisories first.
sort:created-desc     sort:created-desc will sort by the newest advisories first.
sort:updated-asc      sort:updated-asc will sort by the least recently updated first.
sort:updated-desc     sort:updated-desc will sort by the most recently updated first.
is:withdrawn          is:withdrawn will show only advisories that have been withdrawn.
created:YYYY-MM-DD    created:2019-10-31 will show only advisories created on this date.
updated:YYYY-MM-DD    updated:2019-10-31 will show only advisories updated on this date.
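The following is an added example, not GitHub's own code, showing how the qualifier syntax in the table above (ecosystem, severity, affects, is:withdrawn, sort, and created/updated with ISO 8601 dates, comparison operators, and ranges) can be applied locally to a constructed set of advisory records. The ADVISORIES records and their identifiers are made up for illustration; the search() function is assumed to receive a query string in the same form you would type into the advisory database search box.

```python
from datetime import datetime, timezone

# Constructed sample advisories (not real GHSA records); timestamps use the ISO 8601 form described above.
ADVISORIES = [
    {"id": "ADV-1", "ecosystem": "npm", "severity": "high", "affects": "lodash",
     "withdrawn": False, "created": "2019-10-31T08:00:00+00:00", "updated": "2020-01-05T00:00:00+00:00"},
    {"id": "ADV-2", "ecosystem": "pip", "severity": "critical", "affects": "django",
     "withdrawn": False, "created": "2019-05-01T00:00:00+00:00", "updated": "2019-10-31T12:00:00+00:00"},
    {"id": "ADV-3", "ecosystem": "npm", "severity": "low", "affects": "lodash",
     "withdrawn": True, "created": "2020-02-10T00:00:00+00:00", "updated": "2020-02-11T00:00:00+00:00"},
]

def parse_date(text):
    """Parse YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS+00:00 into an aware UTC datetime."""
    dt = datetime.fromisoformat(text)
    if dt.tzinfo is None:  # date-only input: treat as midnight UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def date_matches(value, expr):
    """Apply a >, >=, <, <=, A..B range, or same-day qualifier to a timestamp."""
    actual = parse_date(value)
    if ".." in expr:  # inclusive range between two dates
        lo, hi = expr.split("..", 1)
        return parse_date(lo) <= actual <= parse_date(hi)
    op = next((p for p in (">=", "<=", ">", "<") if expr.startswith(p)), None)
    limit = parse_date(expr[len(op or ""):])
    if op is None:  # plain created:YYYY-MM-DD means "on this day"
        return actual.date() == limit.date()
    return {">": actual > limit, ">=": actual >= limit, "<": actual < limit, "<=": actual <= limit}[op]

def search(query, advisories=ADVISORIES):
    """Filter and sort advisories with the qualifier syntax from the table above."""
    results, sort_key = list(advisories), None
    for token in query.split():
        key, _, val = token.partition(":")
        if key in ("ecosystem", "severity", "affects"):
            results = [a for a in results if a[key].lower() == val.lower()]
        elif key == "is" and val == "withdrawn":
            results = [a for a in results if a["withdrawn"]]
        elif key in ("created", "updated"):
            results = [a for a in results if date_matches(a[key], val)]
        elif key == "sort":  # created-asc, created-desc, updated-asc, updated-desc
            sort_key = val
        else:
            raise ValueError(f"unsupported qualifier: {token}")
    if sort_key:
        field, _, direction = sort_key.rpartition("-")
        results.sort(key=lambda a: parse_date(a[field]), reverse=(direction == "desc"))
    return [a["id"] for a in results]
```

Running search("ecosystem:npm severity:high") against the sample data returns only ADV-1, and the date qualifiers behave as the table describes: a bare date matches the whole day, while ">", "<" and "A..B" compare against the parsed timestamp.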
