全局安全公告
使用 REST API 查看全局安全公告。
List global security advisories
Lists all global security advisories that match the specified parameters. If no other parameters are defined, the request will return only GitHub-reviewed advisories that are not malware.
By default, all responses will exclude advisories for malware, because malware are not standard vulnerabilities. To list advisories for malware, you must include the type
parameter in your request, with the value malware
. For more information about the different types of security advisories, see "About the GitHub Advisory database."
Parameters for "List global security advisories"
名称, 类型, 说明 |
---|
accept string Setting to |
名称, 类型, 说明 |
---|
ghsa_id string If specified, only advisories with this GHSA (GitHub Security Advisory) identifier will be returned. |
type string If specified, only advisories of this type will be returned. By default, a request with no other parameters defined will only return reviewed advisories that are not malware. 默认: 可以是以下选项之一: |
cve_id string If specified, only advisories with this CVE (Common Vulnerabilities and Exposures) identifier will be returned. |
ecosystem string If specified, only advisories for these ecosystems will be returned. 可以是以下选项之一: |
severity string If specified, only advisories with these severities will be returned. 可以是以下选项之一: |
cwes If specified, only advisories with these Common Weakness Enumerations (CWEs) will be returned. Example: |
is_withdrawn boolean Whether to only return advisories that have been withdrawn. |
affects If specified, only return advisories that affect any of Example: |
published string If specified, only return advisories that were published on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
updated string If specified, only return advisories that were updated on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
modified string If specified, only show advisories that were updated or published on a date or date range. For more information on the syntax of the date range, see "Understanding the search syntax." |
before string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. |
after string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. |
direction string The direction to sort the results by. 默认: 可以是以下选项之一: |
per_page integer The number of results per page (max 100). 默认: |
sort string The property to sort the results by. 默认: 可以是以下选项之一: |
HTTP response status codes for "List global security advisories"
Status code | Description |
---|---|
200 | OK |
422 | Validation failed, or the endpoint has been spammed. |
429 | Too many requests |
Code samples for "List global security advisories"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/advisories
Response
Status: 200
[
{
"id": 1,
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/advisories/GHSA-abcd-1234-efgh",
"repository_advisory_url": "https://api.github.com/repos/project/a-package/security-advisories/GHSA-abcd-1234-efgh",
"summary": "Heartbleed security advisory",
"description": "This bug allows an attacker to read portions of the affected server’s memory, potentially disclosing sensitive information.",
"type": "reviewed",
"severity": "high",
"source_code_location": "https://github.com/project/a-package",
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2050-00000"
],
"published_at": "2023-03-23T02:30:56Z",
"updated_at": "2023-03-24T02:30:56Z",
"github_reviewed_at": "2023-03-23T02:30:56Z",
"nvd_published_at": "2023-03-25T02:30:56Z",
"withdrawn_at": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "npm",
"name": "a-package"
},
"first_patched_version": "1.0.3",
"vulnerable_version_range": "<=1.0.2",
"vulnerable_functions": [
"a_function"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"score": 7.6
},
"cwes": [
{
"cwe_id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
}
],
"credits": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst"
}
]
}
]
Get a global security advisory
Gets a global security advisory using its GitHub Security Advisory (GHSA) identifier.
Parameters for "Get a global security advisory"
名称, 类型, 说明 |
---|
accept string Setting to |
名称, 类型, 说明 |
---|
ghsa_id string 必须The GHSA (GitHub Security Advisory) identifier of the advisory. |
HTTP response status codes for "Get a global security advisory"
Status code | Description |
---|---|
200 | OK |
404 | Resource not found |
Code samples for "Get a global security advisory"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/advisories/GHSA_ID
Response
Status: 200
{
"ghsa_id": "GHSA-abcd-1234-efgh",
"cve_id": "CVE-2050-00000",
"url": "https://api.github.com/advisories/GHSA-abcd-1234-efgh",
"html_url": "https://github.com/advisories/GHSA-abcd-1234-efgh",
"repository_advisory_url": "https://api.github.com/repos/project/a-package/security-advisories/GHSA-abcd-1234-efgh",
"summary": "A short summary of the advisory.",
"description": "A detailed description of what the advisory entails.",
"type": "reviewed",
"severity": "high",
"source_code_location": "https://github.com/project/a-package",
"identifiers": [
{
"type": "GHSA",
"value": "GHSA-abcd-1234-efgh"
},
{
"type": "CVE",
"value": "CVE-2050-00000"
}
],
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2050-00000"
],
"published_at": "2023-03-23T02:30:56Z",
"updated_at": "2023-03-24T02:30:56Z",
"github_reviewed_at": "2023-03-23T02:30:56Z",
"nvd_published_at": "2023-03-25T02:30:56Z",
"withdrawn_at": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "npm",
"name": "a-package"
},
"first_patched_version": "1.0.3",
"vulnerable_version_range": "<=1.0.2",
"vulnerable_functions": [
"a_function"
]
}
],
"cvss": {
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"score": 7.6
},
"cwes": [
{
"cwe_id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
}
],
"credits": [
{
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
},
"type": "analyst"
}
]
}