POST /repos/{owner}/{repo}/security-advisories/reports

Report a security vulnerability to the maintainers of the repository. See "Privately reporting a security vulnerability" for more information about private vulnerability reporting.

Path parameters

Name Type Required Description
repo String Yes

The name of the repository without the .git extension. The name is not case sensitive.

owner String Yes

The account owner of the repository. The name is not case sensitive.

Request headers

Name Type Required Description
Content-Type String Yes The media type of the request body.

Default value: "application/json"

Request body fields

Name Type Required Description
cvss_vector_string String No

The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity.

description String Yes

A detailed description of what the advisory impacts.

cwe_ids[] Array No

A list of Common Weakness Enumeration (CWE) IDs.

vulnerabilities[] Array No

An array of products affected by the vulnerability detailed in a repository security advisory.

vulnerabilities[].patched_versions String No

The package version(s) that resolve the vulnerability.

vulnerabilities[].vulnerable_functions[] Array No

The functions in the package that are affected.

vulnerabilities[].vulnerable_version_range String No

The range of the package versions affected by the vulnerability.

vulnerabilities[].package Object Yes

The name of the package affected by the vulnerability.

vulnerabilities[].package.ecosystem String Yes

The package's language or package management ecosystem.

Possible values:

  • "erlang"
  • "other"
  • "go"
  • "npm"
  • "composer"
  • "pub"
  • "actions"
  • "maven"
  • "rubygems"
  • "pip"
  • "rust"
  • "swift"
  • "nuget"

vulnerabilities[].package.name String No

The unique package name within its ecosystem.

summary String Yes

A short summary of the advisory.

start_private_fork Boolean No

Whether to create a temporary private fork of the repository to collaborate on a fix.

Default value: false

severity String No

The severity of the advisory. You must choose between setting this field or cvss_vector_string.

Possible values:

  • "medium"
  • "high"
  • "low"
  • "critical"
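
A client-side check of the request body against the field tables above, as an added example (not code from this page or from the API provider). The function name `build_report` and the sample package name and versions are hypothetical, and the check reads "You must choose between" as meaning `severity` and `cvss_vector_string` cannot both be set.

```python
import json

# Allowed values copied from the field tables above.
ECOSYSTEMS = {"erlang", "other", "go", "npm", "composer", "pub", "actions",
              "maven", "rubygems", "pip", "rust", "swift", "nuget"}
SEVERITIES = {"low", "medium", "high", "critical"}


def build_report(summary, description, vulnerabilities=(), severity=None,
                 cvss_vector_string=None, cwe_ids=(), start_private_fork=False):
    """Return the JSON request body, or raise ValueError listing every problem."""
    errors = []
    if not summary or not summary.strip():
        errors.append("summary is required")
    if not description or not description.strip():
        errors.append("description is required")
    if severity is not None and cvss_vector_string is not None:
        errors.append("set severity or cvss_vector_string, not both")
    if severity is not None and severity not in SEVERITIES:
        errors.append(f"severity {severity!r} is not an allowed value")
    for i, vuln in enumerate(vulnerabilities):
        package = vuln.get("package")
        if not isinstance(package, dict):
            errors.append(f"vulnerabilities[{i}].package is required")
        elif package.get("ecosystem") not in ECOSYSTEMS:
            errors.append(f"vulnerabilities[{i}].package.ecosystem is missing or not allowed")
    if errors:
        raise ValueError("; ".join(errors))
    body = {"summary": summary, "description": description,
            "start_private_fork": bool(start_private_fork)}
    if severity is not None:
        body["severity"] = severity
    if cvss_vector_string is not None:
        body["cvss_vector_string"] = cvss_vector_string
    if cwe_ids:
        body["cwe_ids"] = list(cwe_ids)
    if vulnerabilities:
        body["vulnerabilities"] = [dict(v) for v in vulnerabilities]
    return json.dumps(body, sort_keys=True)


# Constructed sample report; the package name and versions are made up.
SAMPLE = build_report(
    summary="Path traversal in archive extraction",
    description="Entry names containing ../ are written outside the target directory.",
    severity="high", cwe_ids=["CWE-22"],
    vulnerabilities=[{"package": {"ecosystem": "pip", "name": "example-archiver"},
                      "vulnerable_version_range": "< 1.4.2", "patched_versions": "1.4.2"}],
)
```

The returned string is what goes in the POST body with the `Content-Type: application/json` header; nothing in the block sends a request.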

How to start integrating

  1. Add an HTTP Task to your workflow definition.
  2. Search for the API you want to integrate with and click on its name.
    • This loads the API reference documentation and prepares the HTTP request settings.
  3. Click Test request to send a test request to the API and see the API's response.