Security advisories

Queries

securityAdvisories

Query

GitHub Security Advisories.

Argumentos para `securityAdvisories`

Nombre	Descripción
`after` (`String`)	Returns the elements in the list that come after the specified cursor.
`before` (`String`)	Returns the elements in the list that come before the specified cursor.
`classifications` (`[SecurityAdvisoryClassification!]`)	A list of classifications to filter advisories by.
`epssPercentage` (`Float`)	The EPSS percentage to filter advisories by.
`epssPercentile` (`Float`)	The EPSS percentile to filter advisories by.
`first` (`Int`)	Returns the first n elements from the list.
`last` (`Int`)	Returns the last n elements from the list.
`publishedSince` (`DateTime`)	Filter advisories to those published since a time in the past.
`updatedSince` (`DateTime`)	Filter advisories to those updated since a time in the past.

securityAdvisory

Query

Fetch a Security Advisory by its GHSA ID.

Tipo: SecurityAdvisory

Argumentos para `securityAdvisory`

Nombre	Descripción
`ghsaId` (`String!`)	GitHub Security Advisory ID.

securityVulnerabilities

Query

Software Vulnerabilities documented by GitHub Security Advisories.

Tipo: SecurityVulnerabilityConnection!

Argumentos para `securityVulnerabilities`

Nombre	Descripción
`after` (`String`)	Returns the elements in the list that come after the specified cursor.
`before` (`String`)	Returns the elements in the list that come before the specified cursor.
`classifications` (`[SecurityAdvisoryClassification!]`)	A list of advisory classifications to filter vulnerabilities by.
`ecosystem` (`SecurityAdvisoryEcosystem`)	An ecosystem to filter vulnerabilities by.
`first` (`Int`)	Returns the first n elements from the list.
`last` (`Int`)	Returns the last n elements from the list.
`package` (`String`)	A package name to filter vulnerabilities by.
`severities` (`[SecurityAdvisorySeverity!]`)	A list of severities to filter vulnerabilities by.

Objects

CVSS

Object

The Common Vulnerability Scoring System.

Campos para `CVSS`

Nombre	Descripción
`score` (`Float!`)	The CVSS score associated with this advisory.
`vectorString` (`String`)	The CVSS vector string associated with this advisory.

CvssSeverities

Object

The Common Vulnerability Scoring System.

Campos para `CvssSeverities`

Nombre	Descripción
`cvssV3` (`CVSS`)	The CVSS v3 severity associated with this advisory.
`cvssV4` (`CVSS`)	The CVSS v4 severity associated with this advisory.

CWE

Object

A common weakness enumeration.

`CWE` Implementa

Node

Campos para `CWE`

Nombre	Descripción
`cweId` (`String!`)	The id of the CWE.
`description` (`String!`)	A detailed description of this CWE.
`id` (`ID!`)	The Node ID of the CWE object.
`name` (`String!`)	The name of this CWE.

CWEConnection

Object

The connection type for CWE.

Campos para `CWEConnection`

Nombre	Descripción
`edges` (`[CWEEdge]`)	A list of edges.
`nodes` (`[CWE]`)	A list of nodes.
`pageInfo` (`PageInfo!`)	Information to aid in pagination.
`totalCount` (`Int!`)	Identifies the total count of items in the connection.

CWEEdge

Object

An edge in a connection.

Campos para `CWEEdge`

Nombre	Descripción
`cursor` (`String!`)	A cursor for use in pagination.
`node` (`CWE`)	The item at the end of the edge.

EPSS

Object

The Exploit Prediction Scoring System.

Campos para `EPSS`

Nombre	Descripción
`percentage` (`Float`)	The EPSS percentage represents the likelihood of a CVE being exploited.
`percentile` (`Float`)	The EPSS percentile represents the relative rank of the CVE's likelihood of being exploited compared to other CVEs.

SecurityAdvisory

Object

A GitHub Security Advisory.

`SecurityAdvisory` Implementa

Node

Campos para `SecurityAdvisory`

Nombre	Descripción
`classification` (`SecurityAdvisoryClassification!`)	The classification of the advisory.
`cvss` (`CVSS!`)	The CVSS associated with this advisory. Advertencia `cvss` is deprecated. `cvss` will be removed. New `cvss_severities` field will now contain both `cvss_v3` and `cvss_v4` properties. Removal on 2025-10-01 UTC.
`cvssSeverities` (`CvssSeverities!`)	The CVSS associated with this advisory.
`cwes` (`CWEConnection!`)	CWEs associated with this Advisory. Argumentos para `cwes` `after` (`String`) Returns the elements in the list that come after the specified cursor. `before` (`String`) Returns the elements in the list that come before the specified cursor. `first` (`Int`) Returns the first n elements from the list. `last` (`Int`) Returns the last n elements from the list.
`databaseId` (`Int`)	Identifies the primary key from the database.
`description` (`String!`)	This is a long plaintext description of the advisory.
`epss` (`EPSS`)	The Exploit Prediction Scoring System.
`ghsaId` (`String!`)	The GitHub Security Advisory ID.
`id` (`ID!`)	The Node ID of the SecurityAdvisory object.
`identifiers` (`[SecurityAdvisoryIdentifier!]!`)	A list of identifiers for this advisory.
`notificationsPermalink` (`URI`)	The permalink for the advisory's dependabot alerts page.
`origin` (`String!`)	The organization that originated the advisory.
`permalink` (`URI`)	The permalink for the advisory.
`publishedAt` (`DateTime!`)	When the advisory was published.
`references` (`[SecurityAdvisoryReference!]!`)	A list of references for this advisory.
`severity` (`SecurityAdvisorySeverity!`)	The severity of the advisory.
`summary` (`String!`)	A short plaintext summary of the advisory.
`updatedAt` (`DateTime!`)	When the advisory was last updated.
`vulnerabilities` (`SecurityVulnerabilityConnection!`)	Vulnerabilities associated with this Advisory. Argumentos para `vulnerabilities` `after` (`String`) Returns the elements in the list that come after the specified cursor. `before` (`String`) Returns the elements in the list that come before the specified cursor. `classifications` (`[SecurityAdvisoryClassification!]`) A list of advisory classifications to filter vulnerabilities by. `ecosystem` (`SecurityAdvisoryEcosystem`) An ecosystem to filter vulnerabilities by. `first` (`Int`) Returns the first n elements from the list. `last` (`Int`) Returns the last n elements from the list. `package` (`String`) A package name to filter vulnerabilities by. `severities` (`[SecurityAdvisorySeverity!]`) A list of severities to filter vulnerabilities by.
`withdrawnAt` (`DateTime`)	When the advisory was withdrawn, if it has been withdrawn.

SecurityAdvisoryConnection

Object

The connection type for SecurityAdvisory.

Campos para `SecurityAdvisoryConnection`

Nombre	Descripción
`edges` (`[SecurityAdvisoryEdge]`)	A list of edges.
`nodes` (`[SecurityAdvisory]`)	A list of nodes.
`pageInfo` (`PageInfo!`)	Information to aid in pagination.
`totalCount` (`Int!`)	Identifies the total count of items in the connection.

SecurityAdvisoryEdge

Object

An edge in a connection.

Campos para `SecurityAdvisoryEdge`

Nombre	Descripción
`cursor` (`String!`)	A cursor for use in pagination.
`node` (`SecurityAdvisory`)	The item at the end of the edge.

SecurityAdvisoryIdentifier

Object

A GitHub Security Advisory Identifier.

Campos para `SecurityAdvisoryIdentifier`

Nombre	Descripción
`type` (`String!`)	The identifier type, e.g. GHSA, CVE.
`value` (`String!`)	The identifier.

SecurityAdvisoryPackage

Object

An individual package.

Campos para `SecurityAdvisoryPackage`

Nombre	Descripción
`ecosystem` (`SecurityAdvisoryEcosystem!`)	The ecosystem the package belongs to, e.g. RUBYGEMS, NPM.
`name` (`String!`)	The package name.

SecurityAdvisoryPackageVersion

Object

An individual package version.

Campos para `SecurityAdvisoryPackageVersion`

Nombre	Descripción
`identifier` (`String!`)	The package name or version.

SecurityAdvisoryReference

Object

A GitHub Security Advisory Reference.

Campos para `SecurityAdvisoryReference`

Nombre	Descripción
`url` (`URI!`)	A publicly accessible reference.

SecurityVulnerability

Object

An individual vulnerability within an Advisory.

Campos para `SecurityVulnerability`

Nombre	Descripción
`advisory` (`SecurityAdvisory!`)	The Advisory associated with this Vulnerability.
`firstPatchedVersion` (`SecurityAdvisoryPackageVersion`)	The first version containing a fix for the vulnerability.
`package` (`SecurityAdvisoryPackage!`)	A description of the vulnerable package.
`severity` (`SecurityAdvisorySeverity!`)	The severity of the vulnerability within this package.
`updatedAt` (`DateTime!`)	When the vulnerability was last updated.
`vulnerableVersionRange` (`String!`)	A string that describes the vulnerable package versions. This string follows a basic syntax with a few forms. `= 0.2.0` denotes a single vulnerable version. `<= 1.0.8` denotes a version range up to and including the specified version `< 0.1.11` denotes a version range up to, but excluding, the specified version `>= 4.3.0, < 4.3.5` denotes a version range with a known minimum and maximum version. `>= 0.0.1` denotes a version range with a known minimum, but no known maximum.

SecurityVulnerabilityConnection

Object

The connection type for SecurityVulnerability.

Campos para `SecurityVulnerabilityConnection`

Nombre	Descripción
`edges` (`[SecurityVulnerabilityEdge]`)	A list of edges.
`nodes` (`[SecurityVulnerability]`)	A list of nodes.
`pageInfo` (`PageInfo!`)	Information to aid in pagination.
`totalCount` (`Int!`)	Identifies the total count of items in the connection.

SecurityVulnerabilityEdge

Object

An edge in a connection.

Campos para `SecurityVulnerabilityEdge`

Nombre	Descripción
`cursor` (`String!`)	A cursor for use in pagination.
`node` (`SecurityVulnerability`)	The item at the end of the edge.

Enums

SecurityAdvisoryClassification

Enum

Classification of the advisory.

Valores de `SecurityAdvisoryClassification`.

Nombre	Descripción
`GENERAL`	Classification of general advisories.
`MALWARE`	Classification of malware advisories.

SecurityAdvisoryEcosystem

Enum

The possible ecosystems of a security vulnerability's package.

Valores de `SecurityAdvisoryEcosystem`.

Nombre	Descripción
`ACTIONS`	GitHub Actions.
`COMPOSER`	PHP packages hosted at packagist.org.
`ERLANG`	Erlang/Elixir packages hosted at hex.pm.
`GO`	Go modules.
`MAVEN`	Java artifacts hosted at the Maven central repository.
`NPM`	JavaScript packages hosted at npmjs.com.
`NUGET`	.NET packages hosted at the NuGet Gallery.
`PIP`	Python packages hosted at PyPI.org.
`PUB`	Dart packages hosted at pub.dev.
`RUBYGEMS`	Ruby gems hosted at RubyGems.org.
`RUST`	Rust crates.
`SWIFT`	Swift packages.

SecurityAdvisorySeverity

Enum

Severity of the vulnerability.

Valores de `SecurityAdvisorySeverity`.

Nombre	Descripción
`CRITICAL`	Critical.
`HIGH`	High.
`LOW`	Low.
`MODERATE`	Moderate.

En este artículo

Argumentos para securityAdvisories

Argumentos para securityAdvisory

Argumentos para securityVulnerabilities

Campos para CVSS

Campos para CvssSeverities

CWE Implementa

Campos para CWE

Campos para CWEConnection

Campos para CWEEdge

Campos para EPSS

SecurityAdvisory Implementa

Campos para SecurityAdvisory

Campos para SecurityAdvisoryConnection

Campos para SecurityAdvisoryEdge

Campos para SecurityAdvisoryIdentifier

Campos para SecurityAdvisoryPackage

Campos para SecurityAdvisoryPackageVersion

Campos para SecurityAdvisoryReference

Campos para SecurityVulnerability

Campos para SecurityVulnerabilityConnection

Campos para SecurityVulnerabilityEdge

Valores de SecurityAdvisoryClassification.

Valores de SecurityAdvisoryEcosystem.

Valores de SecurityAdvisorySeverity.

Argumentos para `securityAdvisories`

Argumentos para `securityAdvisory`

Argumentos para `securityVulnerabilities`

Campos para `CVSS`

Campos para `CvssSeverities`

`CWE` Implementa

Campos para `CWE`

Campos para `CWEConnection`

Campos para `CWEEdge`

Campos para `EPSS`

`SecurityAdvisory` Implementa

Campos para `SecurityAdvisory`

Campos para `SecurityAdvisoryConnection`

Campos para `SecurityAdvisoryEdge`

Campos para `SecurityAdvisoryIdentifier`

Campos para `SecurityAdvisoryPackage`

Campos para `SecurityAdvisoryPackageVersion`

Campos para `SecurityAdvisoryReference`

Campos para `SecurityVulnerability`

Campos para `SecurityVulnerabilityConnection`

Campos para `SecurityVulnerabilityEdge`

Valores de `SecurityAdvisoryClassification`.

Valores de `SecurityAdvisoryEcosystem`.

Valores de `SecurityAdvisorySeverity`.