GET /advisories
Lists all global security advisories that match the specified parameters. If no other parameters are defined, the request will return only GitHub-reviewed advisories that are not malware.
By default, all responses exclude advisories for malware, because malware advisories are not standard vulnerabilities. To list advisories for malware, you must include the type parameter in your request, with the value malware. For more information about the different types of security advisories, see "About the GitHub Advisory database."
Servers
- https://api.github.com
Query parameters
Name | Type | Required | Description |
---|---|---|---|
cve_id | String | No | If specified, only advisories with this CVE (Common Vulnerabilities and Exposures) identifier will be returned. |
is_withdrawn | Boolean | No | Whether to only return advisories that have been withdrawn. |
affects | | No | If specified, only return advisories that affect any of Example: |
published | String | No | If specified, only return advisories that were published on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
sort | String | No | The property to sort the results by. Possible values: Default value: "published" |
epss_percentile | String | No | If specified, only return advisories that have an EPSS percentile score that matches the provided value. The EPSS percentile represents the relative rank of the CVE's likelihood of being exploited compared to other CVEs. |
epss_percentage | String | No | If specified, only return advisories that have an EPSS percentage score that matches the provided value. The EPSS percentage represents the likelihood of a CVE being exploited. |
modified | String | No | If specified, only show advisories that were updated or published on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
before | String | No | A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
severity | String | No | If specified, only advisories with these severities will be returned. Possible values: |
ecosystem | String | No | If specified, only advisories for these ecosystems will be returned. Possible values: |
direction | String | No | The direction to sort the results by. Possible values: Default value: "desc" |
updated | String | No | If specified, only return advisories that were updated on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
after | String | No | A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
per_page | Integer | No | The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default value: 30 |
type | String | No | If specified, only advisories of this type will be returned. By default, a request with no other parameters defined will only return reviewed advisories that are not malware. Possible values: Default value: "reviewed" |
cwes | | No | If specified, only advisories with these Common Weakness Enumerations (CWEs) will be returned. Example: |
ghsa_id | String | No | If specified, only advisories with this GHSA (GitHub Security Advisory) identifier will be returned. |
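An added example, not part of the original reference and not GitHub's own code: building a request from the query parameters above and walking result pages with the `after` cursor taken from the Link header. The function names, the `GHSA-demo-*` identifiers and the `CURSOR*` values are constructed for illustration, and the code assumes the cursor appears as the `after`/`before` query value of the URLs in the Link header.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

API = "https://api.github.com/advisories"  # server + path from this page

def build_url(**params):
    """Build a GET /advisories URL from the documented query parameters."""
    per_page = params.get("per_page")
    if per_page is not None and not 1 <= per_page <= 100:
        raise ValueError("per_page must be between 1 and 100")
    query = {}
    for key, value in params.items():
        if value is None:
            continue  # unset filters are left out of the query string
        # Booleans such as is_withdrawn are sent as lowercase true/false.
        query[key] = str(value).lower() if isinstance(value, bool) else value
    return f"{API}?{urlencode(query)}" if query else API

def cursor_from_link(link_header, rel="next"):
    """Return the cursor carried by the rel link of a Link header, or None."""
    key = "after" if rel == "next" else "before"
    for part in re.split(r",\s*(?=<)", link_header or ""):
        match = re.match(r"\s*<([^>]*)>(.*)", part)
        if match and f'rel="{rel}"' in match.group(2):
            # Assumption: the cursor is the after/before query value of that URL.
            return parse_qs(urlsplit(match.group(1)).query).get(key, [None])[0]
    return None

def list_all(fetch, **params):
    """Yield every advisory; fetch(url) returns (advisories, link_header)."""
    after = None
    while True:
        items, link = fetch(build_url(**params, after=after))
        yield from items
        after = cursor_from_link(link)
        if not after:
            return

def fake_fetch(url):
    """Constructed offline stand-in for an HTTP client (two canned pages)."""
    pages = {
        None: ([{"ghsa_id": "GHSA-demo-0001"}],
               f'<{API}?type=malware&after=CURSOR2>; rel="next"'),
        "CURSOR2": ([{"ghsa_id": "GHSA-demo-0002"}],
                    f'<{API}?type=malware&before=CURSOR1>; rel="prev"'),
    }
    return pages[parse_qs(urlsplit(url).query).get("after", [None])[0]]
```

In real use, replace `fake_fetch` with a function that performs the HTTP GET and returns the decoded JSON list together with the response's Link header.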
How to start integrating
- Add an HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the HTTP request settings.
- Click Test request to test run your request to the API and see the API's response.