PATCH /repos/{owner}/{repo}/security-advisories/{ghsa_id}

Update a repository security advisory using its GitHub Security Advisory (GHSA) identifier.

In order to update any security advisory, the authenticated user must be a security manager or administrator of that repository, or a collaborator on the repository security advisory.

OAuth app tokens and personal access tokens (classic) need the repo or repository_advisories:write scope to use this endpoint.

Path parameters

Name Type Required Description
repo String Yes

The name of the repository without the .git extension. The name is not case sensitive.

owner String Yes

The account owner of the repository. The name is not case sensitive.

ghsa_id String Yes

The GHSA (GitHub Security Advisory) identifier of the advisory.

Request headers

Name Type Required Description
Content-Type String Yes The media type of the request body.

Default value: "application/json"

Request body fields

Name Type Required Description
cve_id String No

The Common Vulnerabilities and Exposures (CVE) ID.

credits[] Array No

A list of users receiving credit for their participation in the security advisory.

credits[].type String Yes

The type of credit the user is receiving.

Possible values:

  • "remediation_verifier"
  • "remediation_reviewer"
  • "tool"
  • "analyst"
  • "other"
  • "finder"
  • "remediation_developer"
  • "reporter"
  • "coordinator"
  • "sponsor"

credits[].login String Yes

The username of the user credited.

cvss_vector_string String No

The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity.

description String No

A detailed description of what the advisory impacts.

collaborating_users[] Array No

A list of usernames who have been granted write access to the advisory.

cwe_ids[] Array No

A list of Common Weakness Enumeration (CWE) IDs.

collaborating_teams[] Array No

A list of team slugs which have been granted write access to the advisory.

vulnerabilities[] Array No

A product affected by the vulnerability detailed in a repository security advisory.

vulnerabilities[].patched_versions String No

The package version(s) that resolve the vulnerability.

vulnerabilities[].vulnerable_functions[] Array No

The functions in the package that are affected.

vulnerabilities[].vulnerable_version_range String No

The range of the package versions affected by the vulnerability.

vulnerabilities[].package Object Yes

The name of the package affected by the vulnerability.

vulnerabilities[].package.ecosystem String Yes

The package's language or package management ecosystem.

Possible values:

  • "erlang"
  • "other"
  • "go"
  • "npm"
  • "composer"
  • "pub"
  • "actions"
  • "maven"
  • "rubygems"
  • "pip"
  • "rust"
  • "swift"
  • "nuget"

vulnerabilities[].package.name String No

The unique package name within its ecosystem.

state String No

The state of the advisory.

Possible values:

  • "published"
  • "closed"
  • "draft"

summary String No

A short summary of the advisory.

severity String No

The severity of the advisory. You must choose between setting this field or cvss_vector_string.

Possible values:

  • "medium"
  • "high"
  • "low"
  • "critical"
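
The field rules above can be checked on the client before any request is sent. The following Python sketch is an added example, not code from GitHub or from this page: it validates a request body against the listed possible values, required sub-fields and the severity / cvss_vector_string choice, then builds (without sending) the PATCH request. The https://api.github.com base URL and the Bearer authorization header are assumptions, and the owner, repository, GHSA ID and token are constructed placeholders.

```python
import json
import urllib.request
from urllib.parse import quote

# Allowed values copied from the "Possible values" lists on this page.
CREDIT_TYPES = {"analyst", "finder", "reporter", "coordinator", "sponsor", "tool", "other",
                "remediation_developer", "remediation_reviewer", "remediation_verifier"}
ECOSYSTEMS = {"rubygems", "npm", "pip", "maven", "nuget", "composer", "go", "rust",
              "erlang", "actions", "pub", "swift", "other"}
STATES = {"published", "closed", "draft"}
SEVERITIES = {"critical", "high", "medium", "low"}

def validate_update(body):
    """Return a list of problems in a PATCH body; an empty list means it passes."""
    errors = []
    sev, cvss = body.get("severity"), body.get("cvss_vector_string")
    if sev is not None and cvss is not None:
        errors.append("set either severity or cvss_vector_string, not both")
    if sev is not None and sev not in SEVERITIES:
        errors.append(f"severity invalid: {sev!r}")
    if "state" in body and body["state"] not in STATES:
        errors.append(f"state invalid: {body['state']!r}")
    for i, credit in enumerate(body.get("credits", [])):
        if credit.get("type") not in CREDIT_TYPES:
            errors.append(f"credits[{i}].type invalid: {credit.get('type')!r}")
        if not credit.get("login"):
            errors.append(f"credits[{i}].login is required")
    for i, vuln in enumerate(body.get("vulnerabilities", [])):
        eco = (vuln.get("package") or {}).get("ecosystem")
        if eco not in ECOSYSTEMS:
            errors.append(f"vulnerabilities[{i}].package.ecosystem invalid: {eco!r}")
    return errors

def build_request(owner, repo, ghsa_id, body, token):
    """Build (but do not send) the PATCH request; raise ValueError on a bad body."""
    errors = validate_update(body)
    if errors:
        raise ValueError("; ".join(errors))
    # Percent-encode each path parameter so a value cannot add path segments.
    path = "/".join(quote(p, safe="") for p in (owner, repo))
    url = f"https://api.github.com/repos/{path}/security-advisories/{quote(ghsa_id, safe='')}"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  method="PATCH", headers=headers)

if __name__ == "__main__":
    # Constructed sample values; none of them come from a real advisory.
    bad = {"severity": "high", "cvss_vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}
    print(validate_update(bad))
    ok = {"state": "draft", "credits": [{"type": "finder", "login": "octocat"}]}
    print(build_request("example-org", "example-repo", "GHSA-xxxx-xxxx-xxxx", ok, "<TOKEN>").full_url)
```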

How to start integrating

  1. Add HTTP Task to your workflow definition.
  2. Search for the API you want to integrate with and click on the name.
    • This loads the API reference documentation and prepares the HTTP request settings.
  3. Click Test request to test run your request to the API and see the API's response.